Linux - Server
This forum is for the discussion of Linux Software used in a server related context.
Good afternoon! I am totally new and I do not have much idea about some things. Let me describe the situation: I have a VPS with Ubuntu 14.04, and recently I had some security problems with certain users that, of course, are already solved. The fact is that since then I want to have more security, so I opted to cage the invited users so they can only use their /home. So far so good; I used a tutorial (https://gnupatagonia.com.ar/enjaular-usuarios-sftp/) and the truth is, it was quite simple. The problem is this: I would like guest users to also have access to the console (shell), but I want them to only have access to their /home too.
I have Webmin. I looked at the configuration of the users and, for example, I changed the type of shell, since with the command that I used it was set to /bin/false. I edited it and set it to /bin/dash and it did not work; I kept testing with /bin/sh and that did not work either. I did not see much hope.
When you modified the user's login shell, did you also supply the ~/.profile and ~/.<shell>rc files? (I don't know what sh uses; it would be ~/.bashrc if the login shell was bash.)
You can also specify the home directory in Webmin. It's apparently not set correctly for the user and/or it has the wrong permissions. (Linux will say "No such file or directory" when the file or directory exists, but the user doesn't have permissions to see it.)
Does the home directory exist? What are its permissions?
I use this command to create the user:
sudo useradd -g usuariossftp -s /bin/false -d /home/sftp/usuario1 usuario1
sudo passwd usuario1
I give all permissions on the directory to the user with this:
sudo mkdir /home/sftp/usuario1/archivos
sudo chown usuario1:usuariossftp /home/sftp/usuario1/archivos
And yes, it works perfectly; he can only upload, download or remove files if they are in his directory.
I know that with -s /bin/false he can't use the shell, but if I change it to -s /bin/dash or something like this, he can't open an SFTP channel, and he can't use the shell either.
I don't understand what you mean by: ~/.profile and ~/.<shell>rc files?
I'm pretty sure one can't access the shell via sftp. Is that what you're trying to configure?
It looks like you've set the user's home directory to /home/sftp/usuario1
But then configured the directory /home/sftp/usuario1/archivos
Who owns /home/sftp/usuario1?
The user's home directory is the same for both ssh and sftp...I think.
Shell home directories usually contain a .profile and/or a .somethingrc file (for bash, it's .bashrc) that set up the environment. Are those present in the home directory?
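An added example, not written by any poster in this thread: a shell check for the two questions raised above, namely who owns the jail directory and whether a login shell exists inside it. It assumes the jail is enforced with sshd's ChrootDirectory, which requires every path component to be a root-owned directory not writable by group or others; the function names and the optional UID/TOP arguments are hypothetical.

```shell
#!/bin/sh
# Added example: audit an sshd chroot jail such as /home/sftp/usuario1.
# Assumes GNU stat (Ubuntu). Function names and the optional UID/TOP
# arguments are hypothetical helpers, added so the checks can be tried
# on a scratch directory without root.

# component_ok DIR UID: DIR is a directory owned by UID and not
# writable by group or others (the rule sshd applies to ChrootDirectory).
component_ok() {
    [ -d "$1" ] || return 1
    owner=$(stat -c %u "$1") || return 1
    mode=$(stat -c %a "$1") || return 1
    [ "$owner" = "$2" ] || return 1
    [ $(( 0$mode & 022 )) -eq 0 ]   # 020 = group write, 002 = other write
}

# audit_jail JAIL [UID] [TOP]: check JAIL and every parent up to TOP
# (default /). Prints each failing component; returns 1 if any failed.
audit_jail() {
    dir=$(cd "$1" 2>/dev/null && pwd -P) || { echo "missing: $1"; return 1; }
    uid=${2:-0}; top=${3:-/}; rc=0
    while :; do
        component_ok "$dir" "$uid" || { echo "bad owner or mode: $dir"; rc=1; }
        if [ "$dir" = "$top" ] || [ "$dir" = "/" ]; then break; fi
        dir=$(dirname "$dir")
    done
    return "$rc"
}

# shell_in_jail JAIL SHELL: after chroot, SHELL is resolved inside JAIL,
# so JAIL/bin/dash must exist for a login shell of /bin/dash to start.
shell_in_jail() {
    [ -x "$1$2" ]
}

# Usage on the thread's layout (run as root on the server):
#   audit_jail /home/sftp/usuario1 && echo "jail path ok"
#   shell_in_jail /home/sftp/usuario1 /bin/dash || echo "no shell in jail"
```

A shell copied into the jail also needs its shared libraries and basic /dev nodes there before an interactive session can start.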