Ello all, I am learning a lot these last few days about a few things, and tonight I came across a question with vsftp.
If I uncomment the line in the config file on the server side that says something like "chroot-local-user = YES", I understand that it changes their root directory to be their home directory rather than /. But here is my question: which home directory are they being restricted to? The one on their machine or a home folder on the server?
Next, what if a user needs a file outside of their home folder? Let's say in the sales folder on the server, how do you allow access to that?
Last question, is there an sftp setup that allows the following for Windows and/or Linux:
A shortcut to a networked folder (sales, advertising, products etc.) on a user's homescreen that resides on an sftp server, so when they place a file in that folder on their homescreen (desktop), it is really placing it on the server.
Allow users to browse all directories under a single parent directory but not go past the parent folder on something like WinSCP or Nautilus or other sftp client app like so:
Last question, is there an sftp setup that allows the following for Windows and/or Linux:
SFTP is different from FTP and FTPS. vsftpd provides the latter two. OpenSSH provides actual SFTP.
☞ If you are asking about FTP or FTPS, that is something else and maybe someone else can answer. FTP should not be used in 2018. But if you are looking into SFTP, read on:
a) As to the second part of the question, limiting SFTP visitors to a hierarchy of subfolders, that is done using chroot. And chroot is easiest in that context by also making the accounts SFTP-only.
See "man sshd_config" on the server and check the directives Match (Group), ChrootDirectory, and ForceCommand, as in:
Code:
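# Applies only to members of the sftpusers group
Match Group sftpusers
    ChrootDirectory /home/
    # SFTP only, no shell; -d sets the starting directory, %u expands to the user name
    ForceCommand internal-sftp -d %u
    X11Forwarding no
    AllowTcpForwarding no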
The chroot directory needs to be owned by root and not writeable by anyone else or any other group. Therefore the -d is used to put the user in their own home directory. You could do something similar for the hierarchy you describe. Again, see "man sshd_config" over on the server.
b) Then once you have the SFTP service working as you like it, just go into the file manager on the client workstation and press ctrl-L to bring up the location bar and enter the URL there:
Code:
sftp://LT72884@sftpserver.example.com/
That method works with keys, too.
Once it connects you can make a shortcut in the file manager itself, but not the desktop as far as I know. I don't know if that option is available for legacy systems.
SSHFS should be available for all systems, though some may require a lot of work to get configured. That works over SFTP as well and would then allow you to place a folder anywhere on the client, including on the desktop, so that it provides a connection to the SFTP server.
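An added example, not part of the original post: a Python check of the ownership rule described above. sshd applies that rule to every component of the ChrootDirectory path, so the script walks from / down to the target. The function names and the default path /home/ (taken from the config above) are choices made for this example.

```python
import os
import stat
import sys


def path_components(path):
    """Yield '/', '/home', '/home/alice', ... for an absolute path."""
    if not os.path.isabs(path):
        raise ValueError("ChrootDirectory must be an absolute path")
    current = "/"
    yield current
    for part in os.path.normpath(path).strip("/").split("/"):
        if part:
            current = os.path.join(current, part)
            yield current


def check_chroot(path, stat_fn=os.stat):
    """Return a list of problems; an empty list means every component passes."""
    problems = []
    for comp in path_components(path):
        try:
            st = stat_fn(comp)
        except OSError as exc:
            problems.append(f"{comp}: cannot stat ({exc.strerror})")
            break  # nothing below a missing component can be checked
        if not stat.S_ISDIR(st.st_mode):
            problems.append(f"{comp}: not a directory")
        if st.st_uid != 0:
            problems.append(f"{comp}: owned by uid {st.st_uid}, not root")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            mode = stat.S_IMODE(st.st_mode)
            problems.append(f"{comp}: group- or world-writable (mode {mode:04o})")
    return problems


if __name__ == "__main__":
    # Default path is the ChrootDirectory from the config above; pass others as arguments.
    exit_code = 0
    for target in sys.argv[1:] or ["/home/"]:
        found = check_chroot(target)
        for line in found:
            print("FAIL", line)
        if found:
            exit_code = 1
        else:
            print("OK  ", target)
    sys.exit(exit_code)
```

A ChrootDirectory value that contains sshd tokens such as %u has to be expanded to a real path before it is passed to the script.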
Ah, ok, I think I understand what chroot is doing. When you create a new user on the sftp server, it also creates a home folder for them. Chroot just jails them to that home folder so they can't go galloping around my server.
Ok, with that in mind, chrooting them to their own home folder is great, now I just need to also have them access that main parent directory called "files" that has all the sub directories under it, and be chrooted to "files" as well.
Which file manager are you speaking of? Oh, and what if some of the users are Windows machines?
Whatever your system has. That would probably be Nautilus or Thunar, but could really be any other file manager just as well. They all support SFTP last I checked. It is so easy that most people miss it.
Again that method works with keys not just passwords.
OS X users can use FileZilla or, with some work, sshfs.
I'm not sure about options for people still on legacy systems. I have heard that FileZilla runs there too, as does WinSCP. It might be possible to try sshfs there as well. This guide seems to imply so:
I'll have to look into this sshfs thing you speak of.
Can the configuration of the server be done in a gui rather than command line?
Thanks
Edit.
Ok, maybe there is a better way for the folders on the desktop option. It doesn't have to transfer them via sftp, unless they are outside the LAN, then it's useful, but if inside the LAN, a shortcut to the server folder will do just fine, like a mapped or shared folder type of thing.
Can the configuration of the server be done in a gui rather than command line?
Not really. The settings are more than just on or off. You'd lose pretty much all of the precision and flexibility by attempting to do so via a GUI. I should mention that M$ has spent a lot of money over the years to disparage the shell and teach people to be scared of the "command line" but if you get past all the fear spread by that money it's actually faster and easier and far more powerful than any GUI could ever be. It's certainly more precise as well. As an added bonus it can be done even over a slow, high-latency remote connection.
tldr; it's easier than it sounds
Anyway, if you set up SFTP now, there will be no added work later when you must extend access to beyond the LAN. Otherwise you must then set up and configure a VPN. The three virtues apply to system administration as much as programming.
Didn't see your other post. I don't mind cmd line, just so much typing haha. But that's ok.
I think I have found a solution. For inside the LAN, I will have a shortcut folder to the server and then outside use the above link. It's basically what Linux has already been doing for years haha. Or I might use that product for both inside LAN and out.