LinuxQuestions.org
Old 07-17-2011, 08:12 PM   #1
McFex
LQ Newbie
 
Registered: Jan 2011
Posts: 8

Rep: Reputation: 0
Sharing a home directory on CentOS box


Hi there.

To be clear: I searched and used the button above to find similar topics, but my solution wasn't there.

I was very busy with work the past months, so my quest to become a Linux Crack hasn't borne too many fruits yet
So I am still a ...

So here is my problem:

I have 3 users on my CentOS VPS:
root
user1
user2

For security reasons I only log on via public key, root access is denied.
Admin is user1.
user2 is a regular user.

I want user1 to be able to additionally access user2's home directory,
when I log in via SFTP using FileZilla, because occasionally I want to move files from user1's home directory to user2's home directory.
But I need user2 to still be able to connect to his home directory via SFTP, too (everything I tried up to now always "breaks" his account).

How do I do that?

user1 is in the wheel group in order to be able to become root if necessary.
user2 is in the user2 group.

I tried adding user1 to the user2 group, but that alone doesn't seem to give him access to user2's home directory.

I know this must be about rights and permissions, maybe group permissions? I have been sitting on it for about 8 hours now and don't see any light at the end of the tunnel.
When I think I got it I suddenly can't log in with user2 anymore (neither PuTTY nor FileZilla).

Thank you in advance for any help!
 
Old 07-17-2011, 10:14 PM   #2
kbp
Senior Member
 
Registered: Aug 2009
Posts: 3,790

Rep: Reputation: 650
Check permissions 'ls -ld /home/user2' and see what the group permissions are. Something like 'drwx------ 2 user2 user2 ... ' shows that the group has no rights so you'll need to 'chmod -R g+rw /home/user2'.
 
Old 07-17-2011, 11:28 PM   #3
McFex
LQ Newbie
 
Registered: Jan 2011
Posts: 8

Original Poster
Rep: Reputation: 0
Thank you for your reply.

Shall I do that as user1, user2 or as root?
Because I already tried that as user2 - after a few logins with user1 and opening user2's home directory, I can't log in with user2 anymore. It says "no authentication methods available".
Is it possible that visiting another user's home directory via SFTP client can change his permissions? So that the other user might not be able to log in anymore, because the authorized_keys file is not available anymore?
 
Old 07-18-2011, 12:39 AM   #4
kbp
Senior Member
 
Registered: Aug 2009
Posts: 3,790

Rep: Reputation: 650
As root. Thanks for reminding me, you'll need to leave the permissions on /home/user2/.ssh as they are - 600 from memory
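
Added example (not part of the thread and not any poster's code): with sshd's StrictModes option, which is on by default, authorized_keys is ignored when the home directory, ~/.ssh or the key file is group- or world-writable, and that is the state a recursive `chmod -R g+rw /home/user2` leaves behind. The script audits those three paths and restores owner-only modes; the function names and the temporary directory standing in for /home/user2 are assumptions made for the example.

```sh
#!/bin/sh
# Added example. Rule checked: with StrictModes on, sshd ignores authorized_keys
# when the home directory, ~/.ssh or the key file is group- or world-writable.

mode_of() { stat -c '%a' "$1"; }          # octal mode, GNU stat

# True when neither the group-write nor the other-write bit (022) is set.
not_group_or_world_writable() {
    [ $(( 0$(mode_of "$1") & 022 )) -eq 0 ]
}

# Print every path sshd would object to; return status = number of offenders.
audit_ssh_perms() {
    asp_bad=0
    for asp_path in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        [ -e "$asp_path" ] || continue
        if ! not_group_or_world_writable "$asp_path"; then
            echo "sshd will reject: $asp_path (mode $(mode_of "$asp_path"))"
            asp_bad=$((asp_bad + 1))
        fi
    done
    return "$asp_bad"
}

# Undo a recursive g+rw: strip group/other write from the home directory and
# put the key material back to owner-only (the directory keeps its x bit).
repair_ssh_perms() {
    chmod go-w "$1" &&
    chmod 700 "$1/.ssh" &&
    chmod 600 "$1/.ssh/authorized_keys"
}

# Constructed demo on a throwaway directory standing in for /home/user2.
demo() {
    demo_home=$(mktemp -d) || return 1
    mkdir "$demo_home/.ssh" && : > "$demo_home/.ssh/authorized_keys"
    chmod 700 "$demo_home" "$demo_home/.ssh"
    chmod 600 "$demo_home/.ssh/authorized_keys"
    chmod -R g+rw "$demo_home"                 # the command from the thread
    audit_ssh_perms "$demo_home" || true       # reports all three paths
    repair_ssh_perms "$demo_home"
    audit_ssh_perms "$demo_home" && echo "clean after repair"
    rm -rf "$demo_home"
}
demo
```

Run as root against a real home directory, `audit_ssh_perms /home/user2` shows which paths need fixing before user2 can log in with a key again.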
 
Old 07-18-2011, 12:53 AM   #5
frieza
Senior Member
 
Registered: Feb 2002
Location: harvard, il
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,200

Rep: Reputation: 397
A quick and dirty way would be to, say, log in as user1 and sftp the machine to itself as user 2 or vice versa and upload/download files as necessary. I saw this done with ftp on a Unix machine when I was taking a C++ class: my instructor would log into the box with our credentials to collect our homework since he didn't have root access to the box. Of course you also have sshfs, which can mount an sftp session as a local volume if plain sftp isn't adequate.
 
Old 09-09-2011, 02:57 AM   #6
McFex
LQ Newbie
 
Registered: Jan 2011
Posts: 8

Original Poster
Rep: Reputation: 0
Bumping :blush:

O.k., I was kind of busy the last two months.

My initial question was kind of misleading.
So let's try it again:

I have several users on my CentOS 5.5 server (user 2, user 3, etc.).
They all have their own home directory.
There is also the user root who can't log in, for the reasons described in post 1.
Last but not least there is user 1, who is in the wheel group. Once he has logged on he is able to become root.
But he is no admin, though. That was one of the misunderstandings in post 1, I think.
This user is the one who I want to be able to have access to the other users' home directories when logging on via SFTP (FileZilla).
I want to copy files into their home directory or delete them, if necessary.
If I create a group and add all users to this group, user 1 is still not able to access the other home directories.

I made user 1 root and tried your suggestion, kbp:
Quote:
Check permissions 'ls -ld /home/user2' and see what the group permissions are. Something like 'drwx------ 2 user2 user2 ... ' shows that the group has no rights so you'll need to 'chmod -R g+rw /home/user2'.
I checked and you were right, the permissions were as you said.
But using the 'chmod -R g+rw /home/user2' command as root would only lead to the other users not being able to log in anymore (neither via PuTTY nor FileZilla).

How can I achieve my goal?
Maybe by creating a group and making user 1 Admin? Shouldn't he then be able to administer the other users' directories? How do I do that?
As I understand your advice, kbp, it would give all users access to everybody's home directory, wouldn't it?
Or did you mean I have to let user 1 join a single group with every user separately?

I am really stuck, asked many friends who couldn't help, tried to read and understand some literature, but to no success ...
Anyone's help is greatly appreciated

Last edited by McFex; 09-09-2011 at 02:58 AM.
 
Old 09-12-2011, 08:47 AM   #7
McFex
LQ Newbie
 
Registered: Jan 2011
Posts: 8

Original Poster
Rep: Reputation: 0
O.K. next try:

On my quest to create a user who would be able to access everyone's home directory via sftp I tried something different:

I thought maybe I can deny user root access via ssh, but allow him to connect via sftp in order to fulfill the task.
I found this:
Quote:
How to restrict users to SFTP only instead of SSH

Posted by hruske on Sun 13 Feb 2005 at 21:52
Tags: sftp, ssh

Sometimes you want to have users, that have access to files on your server, but don't want them to be able to log in and execute commands on your server.

This is done quite easily.

Add the user as usual and assign him a password. Then run the following command (replace the 'username' with the real user name):

root@host # usermod -s /usr/lib/sftp-server username

This changes user's shell to sftp-server.

The last step for this to work is to add '/usr/lib/sftp-server' to /etc/shells to make it a valid shell, eg. like this:

root@host # echo '/usr/lib/sftp-server' >> /etc/shells

There. Now you've set up a user who can only access your server with SFTP.

Now I tried to set root as the user.
I can't log in via ssh anymore.
But also not via sftp.
AND I can't become root anymore with my wheel group user.

Is there any way to make this work?
Root should be able to log in via sftp but not ssh, but I certainly need my wheel group user to be able to become root with sudo su -.
How could I do that?

I also tried to use WinSCP, because there seems to be the possibility to log in via sftp and become root, but I couldn't get this to work either.
Maybe anyone has experience with WinSCP and can explain how to get this to work properly?
I'd really appreciate any help or hint ...

Last edited by McFex; 09-12-2011 at 08:57 AM. Reason: adding information
 
Old 09-12-2011, 07:46 PM   #8
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,241

Rep: Reputation: 2325
If the users can share one dir for their uploads, then you'd make one dir and

Code:
chmod g+s
on the dir, which ensures that any file created in the dir by anyone automatically gets owned by the group-owner of the dir, not the user's group.
You then make the user1 the owner of that dir.

Alternately, accept that SFTP is really designed just for upload/download and allow user1 to login via ssh (as well as sftp) and move people's files around, usually by putting everyone in the same group.
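
Added example (not part of the thread and not any poster's code): the shared setgid directory described above, with checks that new files and subdirectories really inherit the directory's group and a test for the umask caveat, since group members can only edit each other's files when those files are created group-writable. The function names and the probe file names are assumptions made for the example; changing the directory's owner to user1, as the post suggests, needs root and is left as a comment.

```sh
#!/bin/sh
# Added example: a shared drop directory using the setgid bit.

# make_shared_dir DIR GROUP: group-owned, rwx for owner and group, setgid set.
# As root, follow with: chown user1 DIR   (owner suggested in the thread)
make_shared_dir() {
    mkdir -p "$1" &&
    chgrp "$2" "$1" &&
    chmod 2770 "$1"
}

# True when the setgid bit (02000) is set on the path.
has_setgid() { [ $(( 0$(stat -c '%a' "$1") & 02000 )) -ne 0 ]; }

# Create a probe file and subdirectory in DIR; succeed only if both took
# DIR's group and the subdirectory inherited the setgid bit as well.
verify_inheritance() {
    vi_gid=$(stat -c '%g' "$1")
    : > "$1/.probe" && mkdir "$1/.probe.d" || return 2
    vi_ok=0
    [ "$(stat -c '%g' "$1/.probe")" = "$vi_gid" ] || vi_ok=1
    [ "$(stat -c '%g' "$1/.probe.d")" = "$vi_gid" ] || vi_ok=1
    has_setgid "$1/.probe.d" || vi_ok=1
    rm -rf "$1/.probe" "$1/.probe.d"
    return "$vi_ok"
}

# True when a file created in DIR under the caller's current umask is
# group-writable, i.e. other group members can edit it and not only read it.
new_file_group_writable() {
    : > "$1/.probe" || return 2
    nf_mode=$(stat -c '%a' "$1/.probe"); rm -f "$1/.probe"
    [ $(( 0$nf_mode & 020 )) -ne 0 ]
}

# Constructed demo in a throwaway location, using the caller's own group.
demo_root=$(mktemp -d)
make_shared_dir "$demo_root/shared" "$(id -g)" &&
    verify_inheritance "$demo_root/shared" &&
    echo "group and setgid inherited"
rm -rf "$demo_root"
```

With the common umask of 022, `new_file_group_writable` fails: uploads land in the right group but stay read-only for other members until the uploading account uses umask 002.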
 
  


All times are GMT -5. The time now is 05:30 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration