Hi all, we would like to create a "dropbox" user experience using SFTP and Ubuntu, so that a user can upload files to a dir but not be able to read his own uploaded files (write-only). We did install Ubuntu and SSHD; the SSHD_CONFIG looks like below ...
The user account44 is able to upload (read, write) files right now to the upload directory, but I want this user to only be able to put files and not see them afterwards.
Can someone tell me how to achieve this for the user account44?
# Package generated configuration file
# See the sshd_config(5) manpage for details

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
# HostKeys for protocol version 2
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

Subsystem sftp internal-sftp
ChrootDirectory /sftp/%u
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
btw: I did log on with the root account and then cd /sftp/account44/
and then chmod -r upload
Where upload is the directory which should have the dropbox effect, but when I ftp using account44 I cannot list the upload dir, which is good, but I cannot write to it either, getting Directory /upload: permission denied ..
What to do?
One approach may be to use the -u option of sftp-server to change/force the umask used for creating files. You can set this in your sshd_config file as follows:
Subsystem sftp /usr/lib/openssh/sftp-server -u 0777
(fix the path for your sftp-server executable)
Giving the user write permission to the directory will allow him/her to create new files. Setting the umask to 0777 means that once the files are created, he will have no permissions on the file (to read or overwrite).
Regarding read permissions on the directory, this only affects whether the user can list the files, not whether he can read the individual files. There should therefore not be too much harm in allowing this. Having said this, removing the directory read permissions was not fatal for me when I tested it. I could cd to the directory, and put files there. "ls" failed with "Permission denied", but didn't stop me from "put"ing a file there. Different sftp clients may handle this differently, though, particularly if you are using a GUI sftp client that wants to list the files.
Hello there,
Many thanks for your support ... adding sftp /usr/lib/openssh/sftp-server -u 0777 will probably be activated and applied to all the users, correct me if I'm wrong.
Which is something I want to prevent, since I want to do this only for ONE test user account44. Would you tell how to achieve this?
Many thanks!
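
Added example (not part of the thread and not OpenSSH project code): a shell script that prints a Match block scoping the forced umask to account44 only, and simulates the upload directory modes and the effect of "-u 0777" in a temporary directory. Assumptions: the function names are made up for this example, mode 300 on upload is one way to give write without listing, the temporary directory stands in for /sftp, and GNU stat is available.

```shell
#!/bin/sh
# Added example: local simulation of the write-only drop directory.
# Paths and names are constructed; nothing here touches /sftp or sshd.

# Print a per-user block; Match blocks belong at the end of sshd_config.
match_block() {
cat <<EOF
Match User $1
    ChrootDirectory /sftp/%u
    ForceCommand internal-sftp -u 0777
    AllowTcpForwarding no
    X11Forwarding no
EOF
}

# Build <base>/<user>/upload the way the chroot needs it and print the
# octal modes "chroot upload". On the real host the chroot is root:root
# and upload is chown'ed to the user; here only the modes are set.
make_dropbox() {
    base=$1; user=$2
    mkdir -p "$base/$user/upload" || return 1
    chmod 755 "$base/$user"          # chroot: not writable by the user
    chmod 300 "$base/$user/upload"   # owner: write+search, no read (no listing)
    echo "$(stat -c %a "$base/$user") $(stat -c %a "$base/$user/upload")"
}

# Simulate what "-u 0777" does to an uploaded file: create it under that
# umask in a subshell and print the resulting octal mode.
simulate_put() {
    ( umask 0777; printf 'data\n' > "$1/$2" ) || return 1
    stat -c %a "$1/$2"
}

demo() {
    tmp=$(mktemp -d) || return 1
    modes=$(make_dropbox "$tmp" account44)
    fmode=$(simulate_put "$tmp/account44/upload" report.txt)
    # Root bypasses permission bits, so only test the denial when unprivileged.
    if [ "$(id -u)" -ne 0 ]; then
        ls "$tmp/account44/upload" >/dev/null 2>&1 && listing=allowed || listing=denied
    else
        listing=skipped-as-root
    fi
    chmod 700 "$tmp/account44/upload"; rm -rf "$tmp"
    echo "dirs=$modes file=$fmode listing=$listing"
}

demo
```

Because the uploader still owns each file, an SFTP client that issues a chmod after the transfer can restore read access, so a strict drop box also needs a root-owned job that moves or re-owns files out of upload.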