LinuxQuestions.org
Old 08-26-2015, 01:28 PM   #1
packetsmacker
Member
 
Registered: Jun 2006
Posts: 68

Rep: Reputation: 15
sftp user restrictions [RESOLVED]


I have a user set up to sftp into a server. I have set their shell to /bin/false and they cannot ssh into the server.

Once they sftp into the server they can move around more than I want them to. Is there a way to keep them in the dir? I have the following config in my sshd_config:



Subsystem sftp internal-sftp -l VERBOSE

Match group sftponly
ChrootDirectory /chroot
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp


Based on a doc on the Red Hat site I did the following:

mkdir -p /chroot/ftp
mkdir /ftp
mount -o bind /ftp /chroot/ftp



The user's home dir is set to /ftp

Last edited by packetsmacker; 08-26-2015 at 04:06 PM. Reason: so people could see it was resolved
 
Old 08-26-2015, 01:37 PM   #2
HMW
Member
 
Registered: Aug 2013
Location: Sweden
Distribution: Debian, Arch, Red Hat, CentOS
Posts: 773
Blog Entries: 3

Rep: Reputation: 369
This is a very good guide that ought to cover your needs:
http://www.thegeekstuff.com/2012/03/chroot-sftp-setup/

Best regards,
HMW
 
Old 08-26-2015, 04:06 PM   #3
packetsmacker
Member
 
Registered: Jun 2006
Posts: 68

Original Poster
Rep: Reputation: 15
Thanks, that link was what I needed. The only thing I would add to that link is looking at the SELinux log if you have issues writing to the directory. I don't know if they disabled SELinux for the tutorial, but I had to run the following command based on the audit.log.

setsebool -P ssh_chroot_full_access 1
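
Added example, not part of the thread: sshd refuses to use a ChrootDirectory unless every directory on the path, from / down, is owned by root and not writable by group or others, which is why the writable area has to be a subdirectory such as the /chroot/ftp bind mount in the first post. The script below runs that check for a path such as /chroot; the function names are hypothetical and GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not from the thread). Mirrors the check sshd applies to a
# ChrootDirectory: every component from / down to the target must be a
# directory owned by uid 0 and not writable by group or others.
# Assumes GNU stat (coreutils), as shipped on Red Hat style systems.

# component_ok UID OCTAL_MODE -> 0 if sshd would accept this component
component_ok() {
    [ "$1" -eq 0 ] || return 1            # must be owned by root
    [ $(( 0$2 & 022 )) -eq 0 ]            # no group/other write bit
}

# check_chroot_path ABSOLUTE_PATH -> prints one line per component,
# returns 0 only if the whole chain passes (2 for a relative path)
check_chroot_path() {
    case $1 in
        /*) cur=$1 ;;
        *)  echo "ERROR $1: must be an absolute path"; return 2 ;;
    esac
    rc=0
    while :; do
        if [ ! -d "$cur" ]; then
            echo "FAIL $cur: not a directory"; rc=1
        else
            uid=$(stat -L -c %u "$cur")
            mode=$(stat -L -c %a "$cur")
            if component_ok "$uid" "$mode"; then
                echo "ok   $cur (uid=$uid mode=$mode)"
            else
                echo "FAIL $cur (uid=$uid mode=$mode): needs root owner, no g/o write"
                rc=1
            fi
        fi
        [ "$cur" = / ] && break
        cur=$(dirname "$cur")
    done
    return $rc
}

# Run as: sh check_chroot.sh /chroot   (the ChrootDirectory from sshd_config)
if [ "$#" -gt 0 ]; then
    check_chroot_path "$1"
fi
```

A FAIL on the chroot root itself usually means it was made writable for the sftp user; keep it root-owned and give the user a writable subdirectory instead.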
 
  

