LinuxQuestions.org
Old 09-10-2014, 09:47 AM   #1
b0oze
LQ Newbie
 
Registered: Feb 2011
Posts: 3

Rep: Reputation: 0
chrooted sftp environment main account with several subaccounts




I'm looking for a solution for the following situation; I can't find anything about this specific issue.

We've got a user at our SFTP server which has the (fictitious) home directory /home/sftpmaster/, which has got to be chrooted. The user is NOT allowed to go outside his own directory.

BUT, in this directory there are several subdirectories; these directories are home directories of other users, let's say: /home/sftpmaster/user1, /home/sftpmaster/user2 and so on.

User1 is not allowed to see the files of User1, user2 is not allowed to see the files of user1. Both users are not allowed to see the root of /home/sftpmaster/.

sftpmaster must have (read/write) access to the subdirectories (/home/sftpmaster/user1...).

Is there any way to accomplish this?

I'm a little lost here, any help would be appreciated.

Edit: I'm using Ubuntu Server 14.04.1 LTS
 
Old 09-11-2014, 11:38 PM   #2
Ztcoracat
LQ Guru
 
Registered: Dec 2011
Distribution: Slackware, MX 18
Posts: 9,484
Blog Entries: 15

Rep: Reputation: 1176
Hi:

I'm not on a server, sorry, I won't be much help.

Quote:
User1 is not allowed to see the files of User1, user2 is not allowed to see the files of user1. Both users are not allowed to see the root of /home/sftpmaster/
If I had to guess,
it had to have been set up that way by the System Administrator, and for a good reason.
If you are the System Administrator, only your elevated privileges will accomplish this (I'm pretty sure).

I can see where user1 shouldn't be able to see the files of user2, but user1 not being able to see his own files is most certainly odd in my book. Any clue why this is? (trying to understand)

It sounds like an ownership issue:-
Code:
chown – change ownership.
http://www.linux.com/learn/tutorials...sions-in-linux

I have never seen any case like this before; it is indeed perplexing.
-:- I've given this my best go; Sorry I don't know more.-:-

Studying this page may help you to understand:-
http://linuxcommand.org/lts0070.php

http://www.washington.edu/computing/...rmissions.html
http://www.perlfect.com/articles/chmod.shtml
 
Old 09-15-2014, 05:26 PM   #3
b0oze
LQ Newbie
 
Registered: Feb 2011
Posts: 3

Original Poster
Rep: Reputation: 0
Thanks for your response.

Quote:
I can see were user1 shouldn't be able to see the files of user2 but user1 not being able to see his own files is most certainly odd in my book. Any clue why this is? (trying to understand)
I see that I had a typo in the question. We have got the following file paths; within Linux the file paths for the home dirs are exactly the same:

/home/ftpmaster
/home/ftpmaster/user1
/home/ftpmaster/user2
/home/ftpmaster/user3

fptmaster should have access to /home/ftpmaster and all subdirectories with read/write
user1 should have access to /home/ftpmaster/user1 and all subdirectories with read/write
user2 should have access to /home/ftpmaster/user2 and all subdirectories with read/write
user3 should have access to /home/ftpmaster/user3 and all subdirectories with read/write

ftpmaster should not be able to list /home, because he must be jailed within his home directory.
user1, user2 and user3 should not be able to list /home/ftpmaster, because they must be jailed within their home directory.

Maybe this explains the situation.

Last edited by b0oze; 09-15-2014 at 06:08 PM.
 
Old 09-15-2014, 07:12 PM   #4
Ztcoracat
LQ Guru
 
Registered: Dec 2011
Distribution: Slackware, MX 18
Posts: 9,484
Blog Entries: 15

Rep: Reputation: 1176
Looking at this:
Code:
fptmaster should have access to /home/ftpmaster and all subdirectories with read/write
You say "should", so if the user does not have access, then you will have to change the permissions if those users do not have the privileges that you need them to have.
Is "fptmaster" the Administrator?

Code:
user1, user2 and user3 should not be able to list /home/ftpmaster, because they must be jailed within their home directory.
With that being the case, the root user can only restrict user1, user2, and user3--

The page linked for 'Permissions', the 'chmod' command and the change ownership command is the only way that I know of to control privileges and access abilities.
 
Old 09-15-2014, 07:20 PM   #5
Ztcoracat
LQ Guru
 
Registered: Dec 2011
Distribution: Slackware, MX 18
Posts: 9,484
Blog Entries: 15

Rep: Reputation: 1176
The chmod command is used to change the permissions of a file or directory. To use it, you specify the desired permission settings and the file or files that you wish to modify.

This is the only way that I know how to change permissions.

Maybe encrypt the Owners Home Directory if you don't want the other users to have access--

Hope that helps.
 
Old 09-16-2014, 04:15 AM   #6
b0oze
LQ Newbie
 
Registered: Feb 2011
Posts: 3

Original Poster
Rep: Reputation: 0
Now I'm completely lost....

I've followed: http://www.thefanclub.co.za/how-to/h...-part-1-basics

When I set the permissions to: chown root:root /home/ftpmaster/user1/ it is possible to log in through SFTP, but the user is not able to create/delete files.

When I set the permissions during an active SFTP session to: chown user1:sftponly -R /home/ftpmaster/user1/ the user is able to create files and folders, but it is not possible to reconnect until the permissions are set back to root:root; after that, creating or removing files is not possible anymore.

Also, setting the permissions on files and folders to 775 for user1:sftponly won't make it possible for ftpmaster to delete files and directories in the folder /home/ftpmaster/user1.

Last edited by b0oze; 09-16-2014 at 04:17 AM.
 
Old 09-16-2014, 12:28 PM   #7
Ztcoracat
LQ Guru
 
Registered: Dec 2011
Distribution: Slackware, MX 18
Posts: 9,484
Blog Entries: 15

Rep: Reputation: 1176
You can use SFTP from the command line on Unix and Mac OS X computers. To start an SFTP session, at the command prompt, enter:
Code:
  sftp username@host
There is an example on this page to help you see how it's done.
https://kb.iu.edu/d/akqg

Are you running at least Ubuntu (version) 12.04 LTS?
Is LAMP stack installed?

That's a good tutorial for securing a Ubuntu server. Were you able to complete all 18 steps or are you stuck on one of the steps?

Are you using Linux only (or) are you also using a Windows machine (client) as far as your Server is concerned?
 