LinuxQuestions.org
Old 04-22-2018, 03:11 AM   #1
LT72884
Vsftp and chroot


Ello all, I am learning a lot these last few days about a few things and tonight I came across a question with vsftp.

If I uncomment the line in the config file on the server side that says something like "chroot-local-user = YES" I understand that it changes their root directory to be their home directory rather than /. But here is my question: which home directory are they being restricted to? The one on their machine or a home folder on the server?

Next, what if a user needs a file outside of their home folder? Let's say in the sales folder on the server, how do you allow access to that?

Last question, is there a sftp setup that allows the following for windows and or linux:

A shortcut to a networked folder (sales, advertising, products etc) on a user's home screen that resides on a sftp server, so when they place a file in that folder on their home screen (desktop), it is really placing it on the server.

Allow users to browse all directories under a single parent directory but not go past parent folder on something like WinSCP or Nautilus or other sftp client app like so:

Files
---Sales
---Advertising
---Products
.....Fidgets
.....Drills
.....3D printers
---Images
---Documents
.....Pdfs
.....Word docs

Each user needs access to all the above directories but not above the "Files" folder.

Also each user needs to have their own private "home" folder where they can store their own stuff to access via ssh at home or anywhere.

Thank you so much. This will help me a lot.

Last edited by LT72884; 04-22-2018 at 03:15 AM.
 
Old 04-22-2018, 03:32 AM   #2
Turbocapitalist
Quote:
Originally Posted by LT72884
Last question, is there a sftp setup that allows the following for windows and or linux:
SFTP is different from FTP and FTPS. vsftpd provides the latter two. OpenSSH provides actual SFTP.


☞ If you are asking about FTP or FTPS, that is something else and maybe someone else can answer. FTP should not be used in 2018. But if you are looking into SFTP, read on:


a) As to the second part of the question, limiting SFTP visitors to a hierarchy of subfolders, that is done using chroot. And chroot is easiest in that context by also making the accounts SFTP-only.

See "man sshd_config" on the server and check the directives Match (Group), ChrootDirectory, and ForceCommand, as in:

Code:
Match Group sftpusers
        ChrootDirectory /home/
        ForceCommand internal-sftp -d %u
        X11Forwarding no
        AllowTcpForwarding no
The chroot directory needs to be owned by root and not writeable by anyone else or any other group. Therefore the -d is used to put the user in their own home directory. You could do something similar for the hierarchy you describe. Again, see "man sshd_config" over on the server.


b) Then once you have the SFTP service working as you like it, just go into the file manager on the client workstation and press ctrl-L to bring up the location bar and enter the URL there:

Code:
sftp://LT72884@sftpserver.example.com/
That method works with keys, too.

Once it connects you can make a shortcut in the file manager itself, but not the desktop as far as I know. I don't know if that option is available for legacy systems.

SSHFS should be available for all systems, though some may require a lot of work to get configured. That works over SFTP as well and would then allow you to place a folder anywhere on the client, including on the desktop, so that it provides a connection to the SFTP server.
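
The ownership rule in the post above (the chroot directory must be owned by root and not writable by group or others) can be checked before editing sshd_config; sshd applies it to every component of the ChrootDirectory path. This is an added example, not part of the thread; the function names and the UID/STOP test parameters are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check for an sshd ChrootDirectory path.

# check_dir DIR [UID]: pass if DIR is a directory owned by UID (default 0,
# root) with neither the group-write nor the other-write bit set.
check_dir() {
    dir=$1; want_uid=${2:-0}
    [ -d "$dir" ] || { echo "FAIL $dir: not a directory"; return 1; }
    # GNU stat first, BSD stat as fallback: owner uid and octal mode
    set -- $(stat -c '%u %a' "$dir" 2>/dev/null || stat -f '%u %Lp' "$dir")
    uid=$1; mode=$2
    if [ "$uid" -ne "$want_uid" ]; then
        echo "FAIL $dir: owner uid $uid, expected $want_uid"; return 1
    fi
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL $dir: mode $mode is group- or world-writable"; return 1
    fi
    echo "ok   $dir (uid $uid, mode $mode)"
}

# check_chroot PATH [UID] [STOP]: run check_dir on PATH and each parent up to
# STOP (default /). UID and STOP exist only so a staged tree can be tested
# without root; for a real server leave them at their defaults.
check_chroot() {
    p=$(cd "$1" 2>/dev/null && pwd -P) || { echo "FAIL $1: cannot enter"; return 1; }
    owner=${2:-0}; stop=${3:-/}; rc=0
    while :; do
        check_dir "$p" "$owner" || rc=1
        [ "$p" = "$stop" ] || [ "$p" = / ] && break
        p=$(dirname "$p")
    done
    return $rc
}

# e.g.  sh check_chroot.sh /home
if [ $# -gt 0 ]; then check_chroot "$@"; fi
```

A FAIL on any line means sshd will refuse the chroot for that path, so writable per-user directories have to sit below the chroot directory rather than be the chroot itself.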
 
Old 04-22-2018, 03:56 AM   #3
LT72884
Ah, ok, I think I understand what chroot is doing. When you create a new user on the sftp server, it also creates a home folder for them. Chroot just jails them to that home folder so they can't go galloping around my server.

Ok, with that in mind, chrooting them to their own home folder is great, now I just need to also have them access that main parent directory called "files" that has all the sub directories under it, and be chrooted to "files" as well.

Which file manager are you speaking of? Oh and what if some of the users are windows machines?

Thank you
 
Old 04-22-2018, 04:04 AM   #4
Turbocapitalist
Quote:
Originally Posted by LT72884
Which file manager are you speaking of?
Whatever your system has. That would probably be Nautilus or Thunar, but could really be any other file manager just as well. They all support SFTP last I checked. It is so easy that most people miss it.

There is a short demo here:

https://www.youtube.com/watch?v=9S4DV1PluzA

Again, that method works with keys, not just passwords.

OS X users can use FileZilla or, with some work, sshfs.

I'm not sure about options for people still on legacy systems. I have heard that FileZilla runs there too, as does WinSCP. It might be possible to try sshfs there as well. This guide seems to imply so:

https://www.digitalocean.com/communi...stems-over-ssh

However, in the long run it would save a lot of wasted effort to upgrade them to Linux Mint or Ubuntu or something like that.
 
Old 04-22-2018, 04:10 AM   #5
LT72884
So I take it Windows 10 is a legacy system?

I'll have to look into this sshfs thing you speak of.

Can the configuration of the server be done in a GUI rather than command line?

Thanks

Edit.

Ok, maybe there is a better way for the folders on the desktop option. It doesn't have to transfer them via sftp, unless they are outside the LAN, then it's useful, but if inside the LAN, a shortcut to the server folder will do just fine, like a mapped or shared folder type of thing.

Last edited by LT72884; 04-22-2018 at 04:14 AM.
 
Old 04-22-2018, 04:24 AM   #6
Turbocapitalist
Quote:
Originally Posted by LT72884
Can the configuration of the server be done in a gui rather than command line?
Not really. The settings are more than just on or off. You'd lose pretty much all of the precision and flexibility by attempting to do so via a GUI. I should mention that M$ has spent a lot of money over the years to disparage the shell and teach people to be scared of the "command line" but if you get past all the fear spread by that money it's actually faster and easier and far more powerful than any GUI could ever be. It's certainly more precise as well. As an added bonus it can be done even over a slow, high-latency remote connection.

tldr; it's easier than it sounds

Anyway, if you set up SFTP now, there will be no added work later when you must extend access to beyond the LAN. Otherwise you must then set up and configure a VPN. The three virtues apply to system administration as much as programming.
 
Old 04-22-2018, 04:34 AM   #7
LT72884
https://www.nsoftware.com/netdrive/sftp/

Interesting product

Edit

Didn't see your other post. I don't mind cmd line, just so much typing haha. But that's ok.

I think I have found a solution. For inside the LAN, I will have a shortcut folder to the server and then outside use the above link. It's basically what Linux has already been doing for years haha. Or I might use that product for both inside LAN and out.

Last edited by LT72884; 04-22-2018 at 04:38 AM.
 
  

