chrooted sftp environment main account with several subaccounts
I'm looking for a solution for the following situation; I can't find anything about this specific issue.
We've got a user at our SFTP server which has the (fictitious) home directory /home/sftpmaster/, which has got to be chrooted. The user is NOT allowed to go outside his own directory.
BUT, in this directory there are several subdirectories; these directories are home directories of other users, let's say: /home/sftpmaster/user1, /home/sftpmaster/user2 and so on.
User1 is not allowed to see the files of User1, user2 is not allowed to see the files of user1. Both users are not allowed to see the root of /home/sftpmaster/
sftpmaster must have (read/write) access to the subdirectories (/home/sftpmaster/user1...)
Is there any way to accomplish this?
I'm a little lost here, any help would be appreciated.
User1 is not allowed to see the files of User1, user2 is not allowed to see the files of user1. Both users are not allowed to see the root of /home/sftpmaster/
If I had to guess,
It had to have been set up that way by the System Administrator and for a good reason.
If you are the System Administrator, only your elevated privileges will accomplish this (I'm pretty sure).
I can see where user1 shouldn't be able to see the files of user2 but user1 not being able to see his own files is most certainly odd in my book. Any clue why this is? (trying to understand)
I can see where user1 shouldn't be able to see the files of user2 but user1 not being able to see his own files is most certainly odd in my book. Any clue why this is? (trying to understand)
I see that I've had a typo in the question. We have got the following filepaths; within Linux the filepaths for the homedirs are exactly the same:
fptmaster should have access to /home/ftpmaster and all subdirectories with read/write
user1 should have access to /home/ftpmaster/user1 and all subdirectories with read/write
user2 should have access to /home/ftpmaster/user2 and all subdirectories with read/write
user3 should have access to /home/ftpmaster/user3 and all subdirectories with read/write
ftpmaster should not be able to list /home, because he must be jailed within his home directory.
user1, user2 and user3 should not be able to list /home/ftpmaster, because they must be jailed within their home directory.
fptmaster should have access to /home/ftpmaster and all subdirectories with read/write
You say "should", so if the user does not have access then you will have to change the permissions if those users do not have those privileges that you need them to have.
Is "fptmaster" the Administrator?
user1, user2 and user3 should not be able to list /home/ftpmaster, because they must be jailed within their home directory.
With that being the case, the root user can only restrict user1, user2, and user3--
The page linked for 'Permissions', the 'chmod' command and change ownership command is the only way that I know how you can control privileges and access-abilities.
The chmod command is used to change the permissions of a file or directory. To use it, you specify the desired permission settings and the file or files that you wish to modify.
This is the only way that I know how to change permissions.
Maybe encrypt the Owner's Home Directory if you don't want the other users to have access--
When I set the permissions to: chown root:root /home/ftpmaster/user1/ it is possible to log in through SFTP, but the user is not able to create/delete files.
When I set the permissions during an active SFTP session to: chown user1:sftponly -R /home/ftpmaster/user1/ the user is able to create files and folders, but it is not possible to reconnect until the permissions are set back to root:root; after that, creating or removing files is not possible anymore.
Also, setting the permissions on files and folders to 775 for user1:sftponly won't make it possible for ftpmaster to delete files and directories in the folder /home/ftpmaster/user1.
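The login behaviour described in the last post matches the ownership check OpenSSH applies to a chroot target: every component of the path must be a root-owned directory that is not writable by group or others. The audit below is an added example, not part of the thread; it assumes the server is OpenSSH sshd with ChrootDirectory pointing at the user's home, and the uid 1001 and the `files` subdirectory are constructed for illustration.

```python
import os
import stat
from collections import namedtuple

# Constructed stand-in for os.stat() results so the example runs offline.
FakeStat = namedtuple("FakeStat", "st_uid st_mode")
DIR = stat.S_IFDIR

def components(path):
    """Every directory from / down to the chroot target, in order."""
    out, cur = ["/"], ""
    for part in os.path.normpath(path).strip("/").split("/"):
        if part:
            cur += "/" + part
            out.append(cur)
    return out

def audit_chroot(path, stat_fn=os.stat):
    """List (component, reason) pairs that fail the chroot ownership rule."""
    problems = []
    for comp in components(path):
        st = stat_fn(comp)
        if not stat.S_ISDIR(st.st_mode):
            problems.append((comp, "not a directory"))
        if st.st_uid != 0:
            problems.append((comp, "not owned by root"))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append((comp, "writable by group or others"))
    return problems

# Constructed layout: jail chowned to user1 (uid 1001 is made up) with mode 775.
BROKEN = {
    "/": FakeStat(0, DIR | 0o755),
    "/home": FakeStat(0, DIR | 0o755),
    "/home/ftpmaster": FakeStat(0, DIR | 0o755),
    "/home/ftpmaster/user1": FakeStat(1001, DIR | 0o775),
}
# Constructed layout: jail is root:root 755; writes go to a subdirectory
# ("files" is a hypothetical name) that is not on the chroot path.
FIXED = dict(BROKEN)
FIXED["/home/ftpmaster/user1"] = FakeStat(0, DIR | 0o755)
FIXED["/home/ftpmaster/user1/files"] = FakeStat(1001, DIR | 0o2775)

if __name__ == "__main__":
    for name, layout in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, audit_chroot("/home/ftpmaster/user1", layout.__getitem__))
    # To check a live server, run as root: audit_chroot("/home/ftpmaster/user1")
```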