LinuxQuestions.org
Old 11-05-2010, 10:44 AM   #1
Mr Pink
Chroot and OpenSSH home directories


Hi,

I have the following set up for our sftp users

Subsystem sftp internal-sftp

Match Group sftpuser
ChrootDirectory /home/%u
ForceCommand internal-sftp
AllowTcpForwarding no
X11Forwarding no

but obviously the home directories are required to be owned by root (which I am unsure of why?). I would quite like the users to connect to the server and be presented with a directory they can write to. I thought about putting something in their .profile or .bashrc, but as they are all using /bin/false this isn't going to be possible.

Any assistance most appreciated,

Will
 
Old 11-06-2010, 08:22 PM   #2
aluser
Why do they have to be owned by root? An sftp thing?

If the users each belong to their own group, or you're willing to add a new group for each user, perhaps you could chgrp the home directories to those groups and give group write permission on them.
 
Old 11-08-2010, 06:37 AM   #3
Mr Pink
Yeah, I would've liked to, but the directory needs to have root ownership and group ownership, otherwise it won't allow the user to log in.
 
Old 11-08-2010, 07:22 AM   #4
vermaden
@Mr Pink

You can create a directory in /home/user with the user's rights, so he would be able to write there, like this:

Code:
% ls -l /home | grep user
drwxr-xr-x   3 root  chroot  3 2010.10.24 18:23 user/

% ls -l /home/user
total 1
drwxr-xr-x  2 user  chroot  2 2010.10.24 18:24 data/
 
Old 11-08-2010, 07:39 AM   #5
Mr Pink
Yeah, I have done that. I would like them just to connect and not have to change directory though.
 
Old 11-08-2010, 07:58 PM   #6
aluser
I've got it, Google came to the rescue: http://marc.info/?l=openssh-unix-dev&m=122649688119084

You have to create the full path of the user's home directory *inside* the chroot, and then sftp will cd there when the user logs in. I'm not sure if you'll have to create an /etc/passwd inside the chroot for this to work, or if it works with the regular passwd file.
 
Old 11-09-2010, 06:27 AM   #7
Mr Pink
Fantastic, that works fine!

In /etc/passwd I just set the user's home directory to

ftpuser:x:1010:1013:,,,:/upload:/bin/false

which was inside the Chroot directory /home/ftpuser/upload and it works lovely.

Many thanks for all your help
 
Old 11-16-2010, 09:54 AM   #8
Mr Pink
Just to add, if you find this thread while googling, I have written a guide to ChrootDirectory + OpenSSH

http://www.willpink.co.uk/post/15527...t-with-openssh
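
Added example (not part of the original thread and not OpenSSH's own code): a shell check for the ownership rule the thread runs into. sshd_config(5) states that every component of the ChrootDirectory path must be a root-owned directory that is not writable by group or others. The function names and sample lines below are constructed for illustration, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: audit a ChrootDirectory path against sshd's ownership rule.
# All function names and sample data here are constructed for illustration.

# component_ok UID MODE: succeed if the directory is owned by root (uid 0)
# and has neither the group-write nor the other-write bit set (octal 022).
component_ok() {
    [ "$1" -eq 0 ] && [ $(( 0$2 & 022 )) -eq 0 ]
}

# audit_lines: read "UID MODE PATH" lines on stdin, report every component
# sshd would reject, and return 1 if there was at least one.
audit_lines() {
    bad=0
    while read -r uid mode path; do
        if ! component_ok "$uid" "$mode"; then
            echo "BAD $path (uid=$uid mode=$mode)"
            bad=1
        fi
    done
    return "$bad"
}

# chroot_components DIR: print "UID MODE PATH" for DIR and each parent up to /.
# Uses GNU stat; run it against the real ChrootDirectory on the server.
chroot_components() {
    case $1 in /*) ;; *) echo "need an absolute path" >&2; return 2 ;; esac
    p=$1
    while :; do
        stat -c '%u %a %n' "$p" || return 2
        [ "$p" = / ] && break
        p=$(dirname "$p")
    done
}

audit_chroot() { chroot_components "$1" | audit_lines; }

# Constructed sample 1: the layout that worked in the thread. The writable
# /home/ftpuser/upload is below the chroot, so it is not part of the check.
sample_working() { printf '%s\n' '0 755 /home/ftpuser' '0 755 /home' '0 755 /'; }

# Constructed sample 2: chroot directory handed to the user's group with g+w.
sample_group_writable() { printf '%s\n' '0 775 /home/ftpuser' '0 755 /home' '0 755 /'; }

sample_working | audit_lines && echo "sample 1: accepted"
sample_group_writable | audit_lines || echo "sample 2: rejected"
```

On a server, `audit_chroot /home/ftpuser` runs the same check against the live directory tree.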
 
All times are GMT -5.