
Thread: More SFTP questions

  1. #1
    Join Date
    Apr 2014
    Beans
    7

    More SFTP questions

    Hi Guys,

    I'm still playing with SFTP and have a number of issues:

    1) If I run sftp user@host on the host itself I can successfully connect to sftp. However, if I try this through Core FTP, I get "Permission Denied - Data port failed - Error loading directory"
    2) If I try and connect to SSH through Putty I log in and am booted straight out - I guess the Permission denied issue above has different effects for Putty
    3) Is it possible to have some users Chrooted with others not? It's just if I connect through Putty I want full server control but with SFTP I'm limiting the path access. Does sudo break out of restrictions set in place for SFTP/SSH?
    4) Oh and late addition: SSH from the localhost errors as well with permission denied? SFTP fine.

    Thanks

    Antony
    Last edited by antony7; April 26th, 2014 at 08:38 PM.

  2. #2
    Join Date
    Sep 2006
    Beans
    8,367
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: More SFTP questions

    For question #3, yes, it is possible to chroot some users and not others. Use the Match directive to define which group to apply the chroot to.

    Code:
    Subsystem sftp internal-sftp
    
    Match Group sftp-only
            ChrootDirectory /home
            AllowTCPForwarding no
            X11Forwarding no
            ForceCommand internal-sftp -d %u

    Then just add the users to be chrooted to the group sftp-only. Users not in that group will have normal access, assuming that the rest of the configuration is left as it was with the defaults. That arrangement also forces SFTP and disallows shell access for the group.

  3. #3
    Join Date
    Apr 2014
    Beans
    7

    Re: More SFTP questions

    That is super, thanks. By amending my user to be in the root group rather than my remotefileaccess I bypassed the Match Group parameters. The issue however is that for some reason the user did not have the correct permissions to my /var/www/%USER/www folder so when they logged in Chrooted it said permission denied. But great help. Thanks.

  4. #4
    Join Date
    Sep 2006
    Beans
    8,367
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: More SFTP questions

    /var/www/%USER/www should be owned by the user, but the ones above it owned by root.

    Code:
    sudo chown root:root /var/www
    sudo chown root:root /var/www/*
    sudo chmod 755 /var/www
    sudo chmod 755 /var/www/*

    (You could also use 701 instead of 755.)

    Then you can chroot to %u and cd to /var/www/%u/www, which will appear as /www inside the chroot.

    Code:
    ChrootDirectory /var/www/%u
    ForceCommand internal-sftp -d /www
    Last edited by Lars Noodén; April 27th, 2014 at 09:24 AM.
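
An added example, not part of the thread and not OpenSSH code: sshd refuses a ChrootDirectory unless every component of the path is a root-owned directory that is not writable by group or others, which is what the chown/chmod commands in post #4 establish. This Python audit applies that rule to a ChrootDirectory template; the function names, the users alice and bob, and the sample layout are constructed for illustration, and only the %u token is expanded.

```python
import os
import stat
from pathlib import PurePosixPath

def component_problem(st):
    """Return why sshd would reject this path component, or None if it passes."""
    if not stat.S_ISDIR(st.st_mode):
        return "not a directory"
    if st.st_uid != 0:
        return f"owned by uid {st.st_uid}, not root"
    if st.st_mode & 0o022:
        return f"mode {stat.S_IMODE(st.st_mode):04o} is group/other writable"
    return None

def audit_chroot(template, user, stat_fn=os.stat):
    """Check each component from / down to the chroot; [] means it passes."""
    target = PurePosixPath(template.replace("%u", user))  # assumption: %u only
    if not target.is_absolute():
        return [(str(target), "not an absolute path")]
    components = [target, *target.parents][::-1]  # "/", "/var", ..., target
    findings = []
    for comp in components:
        try:
            problem = component_problem(stat_fn(str(comp)))
        except OSError as exc:
            problem = f"cannot stat: {exc.strerror}"
        if problem:
            findings.append((str(comp), problem))
    return findings

# Constructed sample layout (not from a real host): path -> (uid, mode)
SAMPLE_FS = {
    "/": (0, 0o40755), "/var": (0, 0o40755), "/var/www": (0, 0o40755),
    "/var/www/alice": (0, 0o40701),         # root-owned, 701 as post #4 allows
    "/var/www/alice/www": (1001, 0o40755),  # user-owned directory inside the chroot
    "/var/www/bob": (1002, 0o40755),        # misconfigured: chroot owned by the user
}

def sample_stat(path):
    # Stand-in for os.stat so the example runs without touching the real filesystem.
    if path not in SAMPLE_FS:
        raise FileNotFoundError(2, "No such file or directory", path)
    uid, mode = SAMPLE_FS[path]
    return os.stat_result((mode, 0, 0, 1, uid, 0, 0, 0, 0, 0))

if __name__ == "__main__":
    for u in ("alice", "bob"):
        print(u, audit_chroot("/var/www/%u", u, stat_fn=sample_stat) or "OK")
```

On a real server, call audit_chroot without stat_fn so it uses os.stat on the live filesystem. The user-owned www directory is not flagged because it sits below the chroot, not on the path leading to it.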

  5. #5
    Join Date
    Oct 2013
    Beans
    19

    Re: More SFTP questions

    deleted. Sorry.
    Last edited by Adonosonix; April 27th, 2014 at 10:40 AM. Reason: deletion
