LinuxQuestions.org
Old 05-13-2014, 10:00 AM   #1
NotionCommotion
Restrict sftp to a given subdirectory


I started this question on http://www.linuxquestions.org/questi...ry-4175503084/, but was a little scattered on the requirements, and would like to start over.

I am trying to restrict a given user to sftp access for a given sub-directory. I have a couple of non-root users which must have access to the sub-directory's parent directories. This prevents the normal solution to chroot/jail the user to a given directory as the parent directories must be only available to root, else it will result in a "Write failed: Broken pipe" error.

As a workaround, I moved the sub-directory to a new directory (/home/public/). I then jailed the user in /home/public/ doing something like the following:
Code:
# /etc/ssh/sshd_config
Subsystem     sftp internal-sftp
Match Group jailed
    ChrootDirectory /home/public
    ForceCommand internal-sftp
    AllowTcpForwarding no

# Shell commands, run as root: create the root-owned jail and the jailed user
mkdir /home/public
chown root:root /home/public
chmod 0755 /home/public
useradd -M -N -s /bin/false -d /home/public Bert
usermod -G jailed Bert

But now I need to put the directory back in its original location. To do so, I was going to mount it, and not use a symbolic link because I have Git version control on the sub-directory's parent directory, and Git will only track the symbolic link as a file and not track its content.

Reading the MAN, it looks like mount's --bind leaves it in both locations (am I correct?), so I tried the following, and it seemed to work.
Code:
mount --bind /home/public/mySubDirectory /var/www/application/mySubDirectory
I wanted the mount to automatically occur on boot, so I added the following to my /etc/fstab file:
Code:
/home/public/mySubDirectory /var/www/application/mySubDirectory/ayb_application/lib none bind
It seems to me that this should have been simpler. Is the way I did this correct? Thank you
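An added example, not part of the original post: sshd only accepts a ChrootDirectory when every component of its path is a root-owned directory that is not writable by group or others, which is the restriction the post refers to. The script below walks a path and reports each component that breaks that rule. The function names `component_ok` and `check_chroot_path` are hypothetical, GNU `stat` is assumed, and the optional UID and BASE arguments exist only so the walk can be tried on a scratch tree as a non-root user.

```shell
#!/bin/sh
# Added example: audit a ChrootDirectory path against sshd's ownership rule.
# Function names are hypothetical. Requires GNU stat (stat -c).

# component_ok DIR [UID]: DIR must be a directory owned by UID (default 0,
# root) with neither the group nor the other write bit set.
component_ok() {
    co_dir=$1
    co_uid=${2:-0}
    [ -d "$co_dir" ] || return 1
    co_owner=$(stat -c %u "$co_dir") || return 1
    co_mode=$(stat -c %a "$co_dir") || return 1
    [ "$co_owner" = "$co_uid" ] || return 1
    # Octal mode from stat, masked with g+w (020) and o+w (002).
    [ $(( 0$co_mode & 022 )) -eq 0 ]
}

# check_chroot_path TARGET [UID] [BASE]: test BASE and every directory from
# BASE down to TARGET. The defaults (UID 0, BASE /) match what sshd checks.
check_chroot_path() {
    cp_target=${1%/}
    cp_uid=${2:-0}
    cp_base=${3:-/}
    cp_cur=${cp_base%/}
    cp_bad=0
    component_ok "${cp_cur:-/}" "$cp_uid" || { echo "bad: ${cp_cur:-/}" >&2; cp_bad=1; }
    # Split the remainder of the path on "/" without glob expansion.
    cp_rest=${cp_target#"$cp_cur"}
    cp_ifs=$IFS
    IFS=/
    set -f
    set -- $cp_rest
    set +f
    IFS=$cp_ifs
    for cp_part in "$@"; do
        [ -n "$cp_part" ] || continue
        cp_cur=$cp_cur/$cp_part
        component_ok "$cp_cur" "$cp_uid" || { echo "bad: $cp_cur" >&2; cp_bad=1; }
    done
    return "$cp_bad"
}

# Usage: sh check_chroot.sh /home/public
if [ $# -gt 0 ]; then
    check_chroot_path "$@"
fi
```

Only the path up to and including the ChrootDirectory has to pass; directories below it, such as the bind-mounted sub-directory, may be owned by and writable for the jailed user.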
 
  

