LinuxQuestions.org


sayub76 05-07-2017 04:57 AM

Redhat linux 6.1: Permission denied while copying a file using sftp with root user
 
Hi,

I am trying to copy a file from my system to a Linux server using the root user through sftp, but I am getting a dialogue box with the following error.


"cannot create remote file
Permission denied.
Error code:3
Error message from server: Permission denied"

I get the same error if I try to edit a file.
OS version is RedHat linux 6.1, 2.6.32-131.0.15.el6.x86_64

I will appreciate any help in this regard.
Thanks

smallpond 05-07-2017 08:39 AM

You have a server that allows SSH as root?

sayub76 05-07-2017 08:46 AM

Quote:

Originally Posted by smallpond (Post 5707362)
You have a server that allows SSH as root?

I don't think so, but I'm not sure about that, so I am posting the configuration from the sshd_config file here.

# override default of no subsystems
#Subsystem sftp /usr/libexec/openssh/sftp-server

# for local sftp jailsetup
Subsystem sftp internal-sftp -f AUTHPRIV -l VERBOSE

# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server

# setup for sftponly user group
Match Group sftponly
ChrootDirectory /ddrive/ftp/%u
X11Forwarding no
AllowTCPForwarding no
ForceCommand internal-sftp

TB0ne 05-07-2017 08:46 AM

Quote:

Originally Posted by sayub76 (Post 5707309)
Hi,
I am trying to copy a file from my system to linux server using root user through sftp but am getting a dialogue box with following error.

"cannot create remote file Permission denied.
Error code:3 Error message from server: Permission denied"

I get the same error if i try to edit a file. OS version is RedHat linux 6.1, 2.6.32-131.0.15.el6.x86_64

As smallpond said...you allow network logins as root??? Unless you've modified the standard ssh configuration, logging in as root isn't allowed...that's why you get a permissions error. If you *DID* allow it, that's an incredibly bad idea, and there is absolutely NO REASON to do that.

Also, you say you're trying to copy a file using sftp...why not just use SCP instead? And a dialog box? What client are you using?? And most importantly, have you contacted Red Hat support and/or checked their knowledgebase? Since you're paying for RHEL (RIGHT??), you have access to the Red Hat knowledgebase, which can answer much about SSH configuration on an RHEL server.

sayub76 05-07-2017 08:50 AM

Thanks for your reply.

Actually I was trying with another user which has access to some directories where I wanted to change files but could not, so I tried using the root user but no luck. Something looks wrong but I don't know where.

From the console using root login I can edit files, but it does not allow me to edit using the sftp client.

It's a requirement from the programmer that they use sftp and copy and delete some files through scripts.

sayub76 05-07-2017 08:58 AM

I found the following configuration in the sshd_config file


# override default of no subsystems
#Subsystem sftp /usr/libexec/openssh/sftp-server

# for local sftp jailsetup
Subsystem sftp internal-sftp -f AUTHPRIV -l VERBOSE

# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server

# setup for sftponly user group
Match Group sftponly
ChrootDirectory /ddrive/ftp/%u
X11Forwarding no
AllowTCPForwarding no
ForceCommand internal-sftp

TB0ne 05-07-2017 09:14 AM

Quote:

Originally Posted by sayub76 (Post 5707369)
Thanks for your reply.
Actually I was trying with another user which has access to some directories where I wanted to change files but could not, so I tried using the root user but no luck. Something looks wrong but I don't know where.

From the console using root login I can edit files, but it does not allow me to edit using the sftp client. It's a requirement from the programmer that they use sftp and copy and delete some files through scripts.

AGAIN: logging in as root over the network is a HORRIBLY BAD IDEA, and should never be done, period. Secondly...you can't "edit files" with an FTP client. And your 'requirement from the programmer' is already done/working...what's the problem?? They can log in and copy/delete their own files as much as they want. And again, they can also use SCP to do this, with a keyswap, with no passwords.

Quote:

Originally Posted by sayub76
I found following configuration in sshd_config file
Code:

# override default of no subsystems
#Subsystem        sftp        /usr/libexec/openssh/sftp-server

# for local sftp jailsetup
Subsystem        sftp        internal-sftp -f AUTHPRIV -l VERBOSE

# Example of overriding settings on a per-user basis
#Match User anoncvs
#        X11Forwarding no
#        AllowTcpForwarding no
#        ForceCommand cvs server

# setup for sftponly user group
Match Group sftponly
ChrootDirectory /ddrive/ftp/%u
X11Forwarding no
AllowTCPForwarding no
ForceCommand internal-sftp


Right...so SFTP has been chroot'ed, so users can only see their own directories, nothing else, and root authentication isn't allowed (it's off by default). And again...have you contacted RHEL support and checked the knowledgebase?? Are you PAYING FOR RHEL???

sayub76 05-07-2017 09:43 AM

I am not sure about RHEL support, will check with DB guy.

We have two users, let's say User1 & User2.
User1 will write a file in some directory.
User2 will read the content of the file and delete it (which is not happening in my case).

Both users are in different groups (although I tried putting them in the same group, the issue still persists).

I have even tried changing the permission for that directory to 777 but no success.

TB0ne 05-07-2017 10:11 AM

Quote:

Originally Posted by sayub76 (Post 5707395)
I am not sure about RHEL support, will check with DB guy.

DB guy??? Aren't YOU the administrator? Because if you're not, you sure won't be able to change anything on the system to make it work the way you want to...and if you ARE the administrator, you should know this.

Quote:

We have two users, let's say User1 & User2.
User1 will write a file in some directory.
User2 will read the content of the file and delete it (which is not happening in my case).

Both users are in different groups (although I tried putting them in the same group, the issue still persists). I have even tried changing the permission for that directory to 777 but no success.

Right, because again, the only things they can see with SFTP is their own directories, period. That's how you have it configured in the sshd_config you posted. Again, you CANNOT EDIT a file with SFTP. You cannot 'read the content' of a file with an FTP client, unless you download it. How you're wanting this to work isn't making sense for an SFTP client at all. Use the right applications for the job.

Whoever is writing this application isn't doing a very good job of defining how things should work.

sayub76 05-07-2017 10:50 AM

I'm new to the company so I don't have much information.
I used to work with Linux in the past but am not very good at advanced Linux administration.

The task we need is very simple. As you said, users can see their own directories; this is what we need for two users, that they can add or delete anything in their directories using an sftp client through a script.

If a user has rwx access to a directory or owns a directory, then why can't it add/delete files in that directory? This doesn't make any sense.

I used Gentoo Linux before and I used to edit files using sftp clients without any issue.

Appreciate your help!

TB0ne 05-07-2017 11:24 AM

Quote:

Originally Posted by sayub76 (Post 5707426)
I'm new to the company so don't have much information. I used to work with Linux in the past but am not very good in advanced linux administration.

Neither of those things matter; are you the administrator or not??? If you are, then use the RHEL support you're paying for. Again, as you've been told several times now, there is MUCH about SFTP on the Red Hat knowledgebase...have you looked at it????

Quote:

The task we need is very simple. As you said, users can see their own directories; this is what we need for two users, that they can add or delete anything in their directories using an sftp client through a script.

So then SFTP is working exactly as it should, and is exactly as you have it set up, based on your configuration. Then there are absolutely no problems with SFTP, based on what you posted.

Quote:

If a user has rwx access to a directory or owns a directory, then why can't it add/delete files in that directory? This doesn't make any sense.

Makes perfect sense. Again, as you were told before, you have configured SFTP to 'jail' your users. Using SFTP/FTP applies those permissions...LOCAL permissions to a directory don't come into play, since you're using the SFTP subsystem, and that takes precedence. AGAIN, if you use SCP (which you can still script for), you can easily do these things too, and use local permissions instead of FTP. Who has written this script, and what's the point of it? Can you post it? Because based on what you're saying, it seems like just using SSHFS and mounting a directory would do the same thing, and be FAR easier to use. Same with Samba or NFS, but sticking with SSH is easier.

Quote:

I used Gentoo Linux before and I used to edit files using sftp clients without any issue.

No, you did not ever edit any files with FTP/SFTP at all, ever. You may have DOWNLOADED the file and edited it, and the client you used may have done this behind the scenes, but you CANNOT (and have never been able to) edit files with FTP.

sayub76 05-18-2017 03:13 AM

After I disabled SELinux, the issue is fixed.
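
The last post attributes the failure to SELinux. As an added example (not from the thread or any poster), this shell function summarises AVC denial records from audit log text, so the specific denial behind a "Permission denied" can be identified and addressed without disabling SELinux system-wide. The sample records, including their type names and file names, are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise SELinux AVC denials found in audit log text.
# Output, one line per distinct denial, in first-seen order:
#   source_type|permissions|class|target_type|name|count

# Constructed sample records (type names and paths are illustrative only).
sample_audit_log() {
    cat <<'EOF'
type=USER_AUTH msg=audit(1494147419.880:498): user pid=4118 uid=0 msg='op=PAM:authentication acct="user2" res=success'
type=AVC msg=audit(1494147421.101:501): avc:  denied  { write } for  pid=4120 comm="sshd" name="incoming" dev=dm-2 ino=131077 scontext=unconfined_u:system_r:chroot_user_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:default_t:s0 tclass=dir
type=SYSCALL msg=audit(1494147421.101:501): arch=c000003e syscall=2 success=no exit=-13 comm="sshd" exe="/usr/sbin/sshd"
type=AVC msg=audit(1494147455.530:507): avc:  denied  { write } for  pid=4133 comm="sshd" name="incoming" dev=dm-2 ino=131077 scontext=unconfined_u:system_r:chroot_user_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:default_t:s0 tclass=dir
type=AVC msg=audit(1494147460.012:509): avc:  denied  { unlink } for  pid=4133 comm="sshd" name="report.csv" dev=dm-2 ino=131090 scontext=unconfined_u:system_r:chroot_user_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:default_t:s0 tclass=file
EOF
}

# Reads audit records on stdin and prints the summary on stdout.
avc_summary() {
    awk '
    /type=AVC/ && / denied / {
        perms = ""; src = ""; tgt = ""; cls = ""; name = "-"
        # The denied permissions sit between "{" and "}".
        if (match($0, /[{][^}]*[}]/)) {
            perms = substr($0, RSTART + 1, RLENGTH - 2)
            gsub(/^ +| +$/, "", perms)
            gsub(/ +/, ",", perms)
        }
        for (i = 1; i <= NF; i++) {
            # A context is user:role:type:level, so the type is field 3.
            if ($i ~ /^scontext=/)      { split($i, a, ":"); src = a[3] }
            else if ($i ~ /^tcontext=/) { split($i, a, ":"); tgt = a[3] }
            else if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
            else if ($i ~ /^name=/)     { name = substr($i, 6); gsub(/"/, "", name) }
        }
        key = src "|" perms "|" cls "|" tgt "|" name
        if (!(key in count)) order[++n] = key
        count[key]++
    }
    END { for (i = 1; i <= n; i++) print order[i] "|" count[order[i]] }
    '
}

sample_audit_log | avc_summary
```

On a live host the same function can be fed from `/var/log/audit/audit.log` or from `ausearch -m avc -ts recent`; the source and target types it reports show whether the fix is a relabel of the target directory or a policy boolean.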

