LinuxQuestions.org
Old 08-18-2005, 10:03 AM   #1
mb_chris
LQ Newbie
 
Registered: Aug 2005
Location: Toronto
Distribution: Red Hat
Posts: 2

Rep: Reputation: 0
sftp controlled access


I'm trying to control the access of users that sftp into a Linux machine by keeping them in one directory, i.e. /var/logs. Does anyone have any ideas how to achieve this?

Thanks
 
Old 08-18-2005, 10:07 AM   #2
MassDosage
Member
 
Registered: Aug 2005
Location: London, UK
Distribution: Kubuntu
Posts: 75

Rep: Reputation: 15
What sftp server are you using?
 
Old 08-18-2005, 10:09 AM   #3
mb_chris
LQ Newbie
 
Registered: Aug 2005
Location: Toronto
Distribution: Red Hat
Posts: 2

Original Poster
Rep: Reputation: 0
OpenSSH is the sftp server that I am using.

When a user authenticates through sftp, I want to be able to keep them in their home directory and not have them move around anywhere else in the directory structure.
 
Old 08-19-2005, 05:22 AM   #4
MassDosage
Member
 
Registered: Aug 2005
Location: London, UK
Distribution: Kubuntu
Posts: 75

Rep: Reputation: 15
Hmmmm, I'm using SSH in combination with Pure FTP to do SFTP. I haven't set it up to restrict users to their home directory but I have a feeling that Pure FTP allows one to do that. Sorry I don't have much more info on this!
 
Old 08-23-2005, 07:09 AM   #5
dub.wav
Member
 
Registered: Aug 2003
Location: Norway
Distribution: FC4
Posts: 83

Rep: Reputation: 20
You have to set up a chroot for your users, using something like scponly. Rssh is similar, but in my experience scponly is much easier to set up.
The webpage seems to be down for me atm, but if you search around you'll probably find the source, as scponly is included in a few distributions.

The process is pretty much:
su - (you have to be root, otherwise the configure script won't find useradd, and thus the script used for creating chroots won't work)
./configure --enable-chrooted-binary (you may want to disable scp functionality, --help for more.)
make && make install
make jail

The make jail script included has a couple of limitations, namely:
* it can only create per-user chroots
* it can't just update libraries/binaries in a chroot (in case of security fixes, etc)

I wrote a script which handles those things, PM me if you want it.
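
The second limitation listed above (jail copies of binaries and libraries are not refreshed after security fixes on the host) can at least be detected. The following is an added example, not part of the original post and not dub.wav's script; the function name `stale_in_jail`, the labels it prints and the list of directories it checks are assumptions.

```shell
#!/bin/sh
# Added example: list files in a chroot jail whose content no longer matches
# the host's copy at the same path, e.g. after the host got a security update.
# Usage: stale_in_jail JAIL_DIR [HOST_ROOT]
# HOST_ROOT defaults to / ; it is a parameter so the check can be tried on a
# scratch tree. File names containing newlines are not supported.

stale_in_jail() {
    jail=${1%/}
    host=${2:-/}
    host=${host%/}                      # "/" becomes "" so "$host/$rel" is absolute
    [ -d "$jail" ] || { echo "no such jail: $jail" >&2; return 2; }
    # Assumed layout: only directories that normally hold copied
    # binaries and libraries are compared, not etc/ or user data.
    for sub in bin sbin lib lib64 usr/bin usr/sbin usr/lib usr/lib64 usr/libexec; do
        [ -d "$jail/$sub" ] || continue
        find "$jail/$sub" -type f | sort | while IFS= read -r f; do
            rel=${f#"$jail"/}
            if [ ! -e "$host/$rel" ]; then
                echo "ORPHAN $rel"      # host no longer ships this file
            elif ! cmp -s "$f" "$host/$rel"; then
                echo "STALE $rel"       # jail copy differs from the host copy
            fi
        done
    done
}

# Run as a script: sh check-jail.sh /path/to/jail
if [ "$#" -ge 1 ]; then
    stale_in_jail "$@"
fi
```

Every STALE line is a file that should be re-copied from the host into the jail; ORPHAN lines are jail files with no host counterpart and deserve a manual look.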
 
Old 08-25-2005, 05:11 PM   #6
Pilez
LQ Newbie
 
Registered: Aug 2005
Posts: 5

Rep: Reputation: 0
Re: sftp controlled access

Quote:
Originally posted by mb_chris
I'm trying to control the access of users that sftp into a Linux machine by keeping them in one directory, i.e. /var/logs. Does anyone have any ideas how to achieve this?

Thanks
On the Jailkit website there is a tutorial to set up sftp-only access. I use jailkit for shells that can do sftp and cvs in a chroot jail and nothing else.
 
  

