SFTP User creation in Redhat Linux/UNIX


 
# 1  
Old 10-29-2015
SFTP User creation in Redhat Linux/UNIX

Code:
SFTP user creation step…

Create a group:
# groupadd sftp_users

If the user doesn't exist on the system, use the commands below:
# useradd -G sftp_users -s /sbin/nologin username
# passwd username

For already existing users, use the usermod command below:
# usermod -G sftp_users -s /sbin/nologin username

# vi /etc/ssh/sshd_config

# Comment out the line below and add a line like the one below it
#Subsystem sftp /usr/libexec/openssh/sftp-server
Subsystem sftp internal-sftp

# Add the lines below at the end of the file
Match Group sftp_users
X11Forwarding no
AllowTcpForwarding no
ChrootDirectory %h
ForceCommand internal-sftp

Restart the ssh service:
# service sshd restart

For Solaris 10

Code:
In your sshd_config file, make the changes below:
vi /etc/ssh/sshd_config

Match User user
ChrootDirectory /home/user
ForceCommand internal-sftp
AllowTcpForwarding no

Esc :wq

Then run:
chsh -s /bin/false user
chown root:root /home/user
mkdir /home/user/uploads
chown user /home/user/uploads

Restart ssh

svcadm disable /network/ssh:default
svcadm enable /network/ssh:default

The user will only be able to write in /home/user/uploads.

Last edited by taherahmed; 10-30-2015 at 02:33 AM.. Reason: Solaris Procedure Added
# 2  
Old 11-19-2015
SFTP User in SPARC Servers Solaris 10

1) Download and install OpenSSH for Solaris 10/SPARC and all dependencies (please read the 404 Not Found note):

- ftp://ftp.sunfreeware.com/pub/freeware/sparc/10/openssh-5.6p1-sol10-sparc-local.gz
- ftp://ftp.sunfreeware.com/pub/freeware/sparc/10/openssl-1.0.0a-sol10-sparc-local.gz
- ftp://ftp.sunfreeware.com/pub/freeware/sparc/10/zlib-1.2.5-sol10-sparc-local.gz
- ftp://ftp.sunfreeware.com/pub/freeware/sparc/10/libgcc-3.4.6-sol10-sparc-local.gz

2) Configure the /usr/local/etc/sshd_config file with the "ChrootDirectory" directive. For me:
[...]

# override default of no subsystems
#Subsystem sftp /usr/local/libexec/sftp-server
Subsystem sftp internal-sftp

[...]

# Example of overriding settings on a per-user basis
Match Group sftponly
ChrootDirectory %h
ForceCommand internal-sftp
AllowTcpForwarding no

3) Create group and user for sftp-only account. For me:

root@taurus # groupadd sftponly
root@taurus # grep sftponly /etc/group
sftponly::202:
root@taurus # useradd -g sftponly -c "Sftp only user" -d /export/home/explorer -s /bin/false -m explorer
explorer:x:1002:202:Sftp only user:/export/home/explorer:/bin/false
root@taurus # passwd explorer
New Password:
Re-enter new Password:
passwd: password successfully changed for explorer
root@taurus #

4) Change the home directory permissions and create a r/w directory (uploads) for the sftponly user account.

root@taurus # cd /export/home
root@taurus # ls -la
total 14
drwxr-xr-x 4 root root 4 Oct 29 15:28 .
drwxr-xr-x 3 root sys 3 Jan 22 2009 ..
drwxr-xr-x 3 explorer sftponly 3 Oct 29 15:41 explorer
root@taurus # chown root:sftponly explorer; chmod 750 explorer
root@taurus # ls -la
total 14
drwxr-xr-x 4 root root 4 Oct 29 15:28 .
drwxr-xr-x 3 root sys 3 Jan 22 2009 ..
drwxr-x--- 3 root sftponly 3 Oct 29 15:41 explorer
root@taurus #

This will make a read-only, chrooted directory, perfect for people to come in and get stuff, but never write.
For example, you could make a directory explorer/uploads that allows people to write in. Then you can moderate what gets copied into the read-only /explorer area. Remember that if a user can write in a directory then they can also delete anything in that directory.

root@taurus # cd explorer
root@taurus # mkdir uploads && chown -R explorer:sftponly uploads && chmod 0755 uploads
root@taurus # ls -al
total 9
drwxr-x--- 3 root sftponly 3 Oct 29 15:41 .
drwxr-xr-x 4 root root 4 Oct 29 15:28 ..
drwxr-xr-x 2 explorer sftponly 2 Oct 29 15:56 uploads
root@taurus #

5) Disable SunSSH "service" and enable OpenSSH "service" (with SMF):

root@taurus # svcadm disable ssh

See http://www.sunfreeware.com/sshsol10.html for running OpenSSH via SMF on Solaris 10 systems

root@taurus # svcadm enable ossh
root@taurus # svcs -a | grep ssh
disabled 12:37:51 svc:/network/ssh:default
online 15:29:41 svc:/network/ossh:default
root@taurus #

6) Test your job :-)

Helpful links:
==============
http://www.sunfreeware.com
http://www.openssh.org
http://calomel.org/sftp_chroot.html

(Courtesy: OTN )

Last edited by taherahmed; 11-19-2015 at 04:15 AM.. Reason: found process for sparc
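
Both posts depend on ChrootDirectory, and sshd refuses the login unless every component of the chroot path is a root-owned directory that is not writable by group or others; this is what the chown root steps in the Solaris procedures are for, and the home directory used with ChrootDirectory %h in the Red Hat procedure needs the same. The script below is an added example, not part of either post, that audits a chroot path against that rule. The function names and the optional UID and STOP arguments are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): audit a ChrootDirectory path before restarting sshd.
# sshd requires every component of the chroot path to be a root-owned directory
# that is not writable by group or others.

# check_dir DIR [UID]: succeed if DIR is a directory owned by UID (default 0)
# with no group/other write bit. ls -ldn output is the same on Linux and Solaris.
check_dir() {
    cd_dir=$1
    cd_want=${2:-0}
    [ -d "$cd_dir" ] || { echo "FAIL $cd_dir: not a directory"; return 1; }
    cd_info=$(ls -ldn "$cd_dir" | awk '{print $1 " " $3}')
    cd_mode=${cd_info% *}
    cd_uid=${cd_info#* }
    cd_rc=0
    if [ "$cd_uid" != "$cd_want" ]; then
        echo "FAIL $cd_dir: owner uid $cd_uid, expected $cd_want"; cd_rc=1
    fi
    case $cd_mode in
        ?????w*|????????w*)
            echo "FAIL $cd_dir: mode $cd_mode is group/other writable"; cd_rc=1 ;;
    esac
    [ "$cd_rc" -eq 0 ] && echo "ok   $cd_dir ($cd_mode uid=$cd_uid)"
    return "$cd_rc"
}

# check_chroot DIR [UID] [STOP]: check DIR and each parent up to STOP (default /).
# UID and STOP are assumptions of this example so it can be tried in a scratch
# tree without root; for a real audit leave them at their defaults.
check_chroot() {
    cc_path=$(cd "$1" 2>/dev/null && pwd -P) || { echo "FAIL $1: cannot resolve"; return 1; }
    cc_uid=${2:-0}
    cc_stop=${3:-/}
    cc_rc=0
    while :; do
        check_dir "$cc_path" "$cc_uid" || cc_rc=1
        if [ "$cc_path" = "$cc_stop" ] || [ "$cc_path" = / ]; then break; fi
        cc_path=$(dirname "$cc_path")
    done
    return "$cc_rc"
}

# Usage: sh check_chroot.sh /home/username
if [ $# -gt 0 ]; then check_chroot "$@"; fi
```

Run it as root against each chrooted user's home before restarting sshd. The writable uploads directory sits below the chroot and is deliberately not part of the check.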