Add user with SFTP but not Shell
I want to add some users, who are able to connect through SFTP but must not have Shell access.
I also want them to be locked at one folder and subfolders so they cannot explore the file system. I have tried this, but it also prevents SFTP so at first point it's not my solution:
Code:
useradd -s /bin/nologin <username>
Hi,
You might want to have a look at scponly.
Thanks. I get this information:
Code:
If you want scponly to chroot into the user's home directory prior to │
Hi,
Have a look here: Using scponly To Allow SCP/SFTP Logins And Disable SSH Logins On Debian Squeeze (especially point 4).
Hope this helps.
Sorry, I searched some more and found this http://blog.frands.net/sftp-only-chr...in-debian-166/
But I'm having a strange issue here.
I've added the users and the group (developers). They are pointed to /www/dev and I've run the following:
sudo mkdir /www/dev
sudo chown www-data:developers -R /www/dev
sudo chmod 775 -R /www/dev
sudo usermod -a -G developers myUser
But still myUser has no write permissions to that folder, am I missing something here?
Hi,
The instructions you mention in post #5 aren't entirely complete. Have a look at the following posts: Directory permissions in chroot SFTP.
In short: You need to create a subdirectory due to security issues.
Assuming that you edited sshd_config correctly, this is what seems to work (as root):
Code:
$ cd /
Code:
$ grep jade /etc/passwd
Code:
[stasis] druuna ~ $ sftp jade@inferno
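The subdirectory advice in the post above follows from the check documented for ChrootDirectory in sshd_config(5): every component of the chroot path must be a root-owned directory that is not writable by group or others, so a chroot target set to mode 775 and owned by www-data is refused. The script below is an added example, not code from the thread; it assumes GNU stat on Linux, and the function names are illustrative.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU coreutils stat (Linux).
# Function names are illustrative.

# component_ok UID MODE: succeed only if the owner is root (uid 0) and the
# octal MODE has neither the group-write nor the other-write bit set.
component_ok() {
    c_uid=$1
    c_mode=$2
    [ "$c_uid" -eq 0 ] || return 1
    [ $(( 0$c_mode & 022 )) -eq 0 ] || return 1
    return 0
}

# check_chroot_path DIR: apply component_ok to DIR and every parent up to /.
# Returns 0 if all pass, 1 if any component fails, 2 on bad input.
check_chroot_path() {
    p=$1
    case $p in
        /*) ;;
        *) echo "not an absolute path: $p" >&2; return 2 ;;
    esac
    [ -d "$p" ] || { echo "not a directory: $p" >&2; return 2; }
    rc=0
    while :; do
        # %u = owner uid, %a = octal mode; -L reports a symlink's target
        info=$(stat -L -c '%u %a' "$p") || return 2
        if ! component_ok "${info% *}" "${info#* }"; then
            echo "BAD  $p (uid ${info% *}, mode ${info#* })"
            rc=1
        fi
        [ "$p" = / ] && break
        p=$(dirname "$p")
    done
    return $rc
}

# Usage: sh check_chroot.sh /www/dev
if [ "$#" -gt 0 ]; then
    check_chroot_path "$1"
fi
```

Run it against the directory named in ChrootDirectory, not against the writable subdirectory inside it; the subdirectory is the one that may be group-owned and group-writable.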
Hi,
The primary group a user belongs to is used when creating a file/directory. It is possible to change the current primary group to a different one, but you do have to realize that this affects all files/directories that are created (local and remote), which might not be an option (depends on many things). If you want to do this have a look at this:
Code:
# as root, get the current user info:
Code:
chgrp developers filename
And there is the option you already mentioned: Using a cronjob. It depends on the environment and how people use it which option is appropriate for you. I personally think that permanently changing the user's primary group should be avoided if at all possible, unless this is a brand new environment.
Hope this helps.
Thanks. Everything works now :)
You're welcome :)
BTW: Can you put up the [SOLVED] tag? First post -> Thread Tools -> Mark this thread as solved