10-15-2014
Sftp server/chrooted trying to limit user permissions
I needed to set up an sftp server for an external user to upload data for an internal developer.
What I did was create a chrooted user for the external guy, then create an internal group with full permissions to that directory, and then make the internal developer a member of that group so he could grab whatever he needed, etc.
My question is how can I minimize the permissions of the chrooted user so that he/she can upload ONLY, not list what's in the directory, manipulate what's already in there, etc. When I tried locking down the permissions I started running into problems - with only write and/or execute the user was not able to get into the directory, etc. Or is this a limitation with this kind of setup, namely that the chrooted user has to have elevated (rwe) permissions for this to work?
Last edited by xdawg; 10-15-2014 at 02:15 PM..
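The directory permission bits this question turns on, as an added example that is not part of the original post: it classifies what a user in a given permission class can do in an upload directory, and checks the mode rule sshd applies to a `ChrootDirectory`. The function names are hypothetical, the class the uploader falls into (owner, group or other) is an assumption you supply, and `audit_upload_dir` assumes GNU `stat`.

```shell
#!/bin/sh
# Added example: classify directory mode bits for a chrooted SFTP drop box.

# class_bits MODE CLASS -> rwx triplet (0-7) applying to owner|group|other.
class_bits() {
    m=$((0$1))                      # stat prints octal without a leading 0
    case $2 in
        owner) echo $(( (m >> 6) & 7 )) ;;
        group) echo $(( (m >> 3) & 7 )) ;;
        *)     echo $((  m       & 7 )) ;;
    esac
}

# upload_dir_verdict MODE CLASS -> what that class can do in the directory.
upload_dir_verdict() {
    bits=$(class_bits "$1" "$2")
    sticky=$(( 0$1 & 01000 ))
    if   [ $((bits & 1)) -eq 0 ]; then
        echo "cannot-enter"            # no x: cannot cd in or create, even with w
    elif [ $((bits & 2)) -eq 0 ]; then
        echo "cannot-upload"           # x without w: no new directory entries
    elif [ $((bits & 4)) -ne 0 ]; then
        echo "can-list"                # r: the names in the directory are visible
    elif [ "$sticky" -ne 0 ]; then
        echo "blind-upload"            # -wx plus sticky: create, but not list
    else
        echo "blind-upload-no-sticky"  # -wx: can also unlink others' files by name
    fi
}

# sshd refuses a ChrootDirectory that group or other can write to.
# It must also be owned by root, which this mode-only check does not cover.
chroot_mode_ok() {
    [ $(( 0$1 & 022 )) -eq 0 ]
}

# audit_upload_dir DIR CLASS -> "<mode> <verdict>" for a real directory.
audit_upload_dir() {
    mode=$(stat -c '%a' "$1") || return 1
    echo "$mode $(upload_dir_verdict "$mode" "$2")"
}
```

Even with a `blind-upload` verdict, the uploader still owns the files they create and can overwrite or remove those by name.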