LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices



Reply
 
Search this Thread
Old 01-21-2009, 09:53 PM   #1
acmeinc
Member
 
Registered: Aug 2008
Posts: 45

Rep: Reputation: 16
sFTP without SSH access


OK...

I would like to create a new FTP user, whom may use sFTP to connect, however I wish to deny them SSH access. Also, everything this FTP user does, must operate under my username. i.e. user1 logs in and uploads 100 files, these files are owned by mainuser, but also may be altered by user1. Got it

I have read a little about scponly, which seems like a possible route.

History
This question comes about as I may add FTP access to a user, whom may access all files within a certain folder, via my ftp program, ncftp. These users may only operate within there designated directory, and they operate under the main username, not there own. The only problem is they may not connect securely, via sFTP.

Any information will be greatly appreciated.
 
Old 01-22-2009, 06:28 AM   #2
rizhun
Member
 
Registered: Jun 2005
Location: England
Distribution: Ubuntu, SLES, AIX
Posts: 268

Rep: Reputation: 47
Hi,

First of all, sFTP == SSH + FTP. Meaning you MUST give SSH access to give sFTP access.

You need to look into "SSH chroot jails" to prevent users from destroying your system after you have given them SSH access or alternatively setup FTPS (FTP + SSL).

As for 2 users being able to edit a file, I suggest you setup a group. Make sure this new group is the sFTP users primary group and make sure you also belong to the group.

Then set the sFTP user's umask in his/her profile to create new files as group read/writeable.

Good luck!

Last edited by rizhun; 01-22-2009 at 06:30 AM.
 
Old 03-16-2009, 05:41 AM   #3
acmeinc
Member
 
Registered: Aug 2008
Posts: 45

Original Poster
Rep: Reputation: 16
I totally agree, the user must have SSH access, but very limited. And I have read about jailing. So I guess the next question is, could I use 'umask' to mask certain users to a specific username? Example:

user1_sub1 writes/reads/execs files as user1
 
Old 03-17-2009, 03:35 PM   #4
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora, Lubuntu, FreeBSD
Posts: 3,930
Blog Entries: 5

Rep: Reputation: Disabled
Quote:
Originally Posted by acmeinc
I have read a little about scponly, which seems like a possible route.
The scponly shell is a good choice. I've used it to solve similar problems to what you're describing.

Quote:
Originally Posted by rizhun
First of all, sFTP == SSH + FTP.
That's not quite right. Wikipedia has an illuminating, related entry on this topic:
http://en.wikipedia.org/wiki/Ftps
Quote:
FTPS should not be confused with the SSH File Transfer Protocol (SFTP), an incompatible secure file transfer subsystem for the Secure Shell (SSH) protocol. It is also different from Secure FTP, the practice of tunneling FTP through an SSH connection.
Thus: sftp == ssh file transfer protocol (not the same as the original ftp protocol, but behaves somewhat similarly from an end-user perspective).

It's more than a semantic distinction; ftp is a different beast altogether.
 
  


Reply

Tags
ftp, sftp, ssh


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
SSH access problems: Can only allow users SSH access by adding to root group dhupke Slackware 10 12-21-2008 10:48 AM
LXer: How to: Restrict Users to SCP and SFTP and Block SSH Shell Access with rssh LXer Syndicated Linux News 0 01-02-2008 01:40 PM
LXer: How to: Restrict Users to SCP and SFTP and Block SSH Shell Access with rssh LXer Syndicated Linux News 0 01-02-2008 01:00 PM
LXer: How to: Restrict Users to SCP and SFTP and Block SSH Shell Access with rssh LXer Syndicated Linux News 0 01-02-2008 11:00 AM
Need help configuring permissions to allow FTP access via SSH/SFTP. dhupke Linux - General 5 06-12-2007 01:26 PM


All times are GMT -5. The time now is 12:17 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration