LinuxQuestions.org
Latest LQ Deal: Linux Power User Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 09-10-2014, 10:47 AM   #1
b0oze
LQ Newbie
 
Registered: Feb 2011
Posts: 3

Rep: Reputation: 0
chrooted sftp environment main account with several subaccounts


0 down vote favorite


I'm looking for a solution for the folowing situation, I can't find anything about this specific issue.

We've got a user at our SFTP server which has the (fictitious) home directory /home/sftpmaster/, which has got to be chrooted. The user is NOT allowed to go outside his own directory.

BUT, in this directory there are serveral subdirectories, these directories are home directories of other users, lets say: /home/sftpmaster/user1, /home/sftpmaster/user2 and so on.

User1 is not allowed to see the files of User1, user2 is not allowed to see the files of user1. Both users are not allowed to see the root of /home/sftpmaster/

sftpmaster must have (read/write) access to the subdirectories (/home/sftpmaster/user1...)

Is there any way to accomplish this?

I'm a little lost here, any help would be appreciated.

Edit: I'm using Ubuntu Server 14.04.1 LTS
 
Old 09-12-2014, 12:38 AM   #2
Ztcoracat
LQ Guru
 
Registered: Dec 2011
Distribution: Slackware
Posts: 6,835
Blog Entries: 7

Rep: Reputation: Disabled
Hi:

I'm not on a server sorry I won't be much help.

Quote:
User1 is not allowed to see the files of User1, user2 is not allowed to see the files of user1. Both users are not allowed to see the root of /home/sftpmaster/
If I had to guess,
It had to of been set up that way by the System Administrator and for a good reason.
If you are the System Administrator only your elevated privileges will accomplish this (I'm pretty sure)

I can see were user1 shouldn't be able to see the files of user2 but user1 not being able to see his own files is most certainly odd in my book. Any clue why this is? (trying to understand)

It sounds like an ownership issue:-
Code:
chown  change ownership.
http://www.linux.com/learn/tutorials...sions-in-linux

I have never seen any case like this before it is indeed perplexing.
-:- I've given this my best go; Sorry I don't know more.-:-

Study this page may help you to understand:-
http://linuxcommand.org/lts0070.php

http://www.washington.edu/computing/...rmissions.html
http://www.perlfect.com/articles/chmod.shtml
 
Old 09-15-2014, 06:26 PM   #3
b0oze
LQ Newbie
 
Registered: Feb 2011
Posts: 3

Original Poster
Rep: Reputation: 0
Thanks for your response.

Quote:
I can see were user1 shouldn't be able to see the files of user2 but user1 not being able to see his own files is most certainly odd in my book. Any clue why this is? (trying to understand)
I see that I've had a typo in the question, we have got the folowing filepaths, within linux the filepaths for the homedirs are exactly the same:

/home/ftpmaster
/home/ftpmaster/user1
/home/ftpmaster/user2
/home/ftpmaster/user3

fptmaster should have access to /home/ftpmaster and all subdirectorys with read/write
user1 should have access to /home/ftpmaster/user1 and all subdirectorys with read/write
user2 should have access to /home/ftpmaster/user2 and all subdirectorys with read/write
user3 should have access to /home/ftpmaster/user3 and all subdirectorys with read/write

ftpmaster should not be able to list /home, because he must be jailed within his homedirectory.
user1, user2 and user3 should not be able to list /home/ftpmaster, because they must be jailed within their homedirectory.

Maybe this explains the situation

Last edited by b0oze; 09-15-2014 at 07:08 PM.
 
Old 09-15-2014, 08:12 PM   #4
Ztcoracat
LQ Guru
 
Registered: Dec 2011
Distribution: Slackware
Posts: 6,835
Blog Entries: 7

Rep: Reputation: Disabled
Looking at this:
Code:
fptmaster should have access to /home/ftpmaster and all subdirectorys with read/write
You say "should" so if the user does not have access than you will have to change the permissions if those users do not have those privileges that you need them to have.
Is "fptmaster" the Administrator?

Code:
user1, user2 and user3 should not be able to list /home/ftpmaster, because they must be jailed within their homedirectory.
With that being the case, the root user can only restrict user1, user2, and user3--

The page linked for 'Permissions', the'chmod' command and change ownership command is the only way that I know how you can control privileges and access-abilities.
 
Old 09-15-2014, 08:20 PM   #5
Ztcoracat
LQ Guru
 
Registered: Dec 2011
Distribution: Slackware
Posts: 6,835
Blog Entries: 7

Rep: Reputation: Disabled
The chmod command is used to change the permissions of a file or directory. To use it, you specify the desired permission settings and the file or files that you wish to modify.

This is the only way that I know how to change permissions.

Maybe encrypt the Owners Home Directory if you don't want the other users to have access--

Hope that helps.
 
Old 09-16-2014, 05:15 AM   #6
b0oze
LQ Newbie
 
Registered: Feb 2011
Posts: 3

Original Poster
Rep: Reputation: 0
Now I'm completly lost....

I've folowed: http://www.thefanclub.co.za/how-to/h...-part-1-basics

when I set the permissions to: chown root:root /home/ftpmaster/user1/ it is possible to login through SFTP, but the user is not able to create/delete files.

when I set the permissions during an active SFTP session to: chown user1:sftponly -R /home/ftpmaster/user1/ the user is able the create files and folders, but it is not possible to reconnect until the permissions are set back to root:root, after that creating or removing files is not possible anymore.

Also, setting the permissions on files and folders to 775 for user1:sftponly won't make it possible for ftpmaster to delete files and directory's in the folder /home/ftpmaster/user1.

Last edited by b0oze; 09-16-2014 at 05:17 AM.
 
Old 09-16-2014, 01:28 PM   #7
Ztcoracat
LQ Guru
 
Registered: Dec 2011
Distribution: Slackware
Posts: 6,835
Blog Entries: 7

Rep: Reputation: Disabled
You can use SFTP from the command line on Unix and Mac OS X computers. To start an SFTP session, at the command prompt, enter:
Code:
  sftp username@host
There is an example on this page to help you see how it's done.
https://kb.iu.edu/d/akqg

Are you running at least Ubuntu (version) 12.04 LTS?
Is LAMP stack installed?

That's a good tutorial for securing a Ubuntu server. Were you able to complete all 18 steps or are you stuck on one of the steps?

Are you using Linux only (or) are you also using a Windows machine (client) as far as your Server is concerned?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] sftp chrooted permission issue hamzar.pm Linux - Newbie 1 09-01-2012 06:41 AM
LXer: Restricting Users To SFTP Plus Setting Up Chrooted SSH/SFTP (Debian Squeeze) LXer Syndicated Linux News 0 09-06-2011 08:10 AM
SFTP server chrooted humbletech99 Linux - Security 2 04-02-2007 02:24 PM
sftp chrooted on samba - suggestions yogaboy Linux - Security 2 12-28-2006 09:24 AM
Problem with Scponly and chrooted SFTP kicko Mandriva 2 07-14-2006 02:10 PM


All times are GMT -5. The time now is 11:24 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration