LinuxQuestions.org
Old 05-07-2017, 05:57 AM   #1
sayub76
LQ Newbie
 
Registered: May 2017
Posts: 7

Rep: Reputation: Disabled
Redhat linux 6.1: Permission denied while copying a file using sftp with root user


Hi,

I am trying to copy a file from my system to linux server using root user through sftp but am getting a dialogue box with following error.


"cannot create remote file
Permission denied.
Error code:3
Error message from server: Permission denied"

I get the same error if I try to edit a file.
OS version is RedHat linux 6.1, 2.6.32-131.0.15.el6.x86_64

I will appreciate any help in this regard.
Thanks
 
Old 05-07-2017, 09:39 AM   #2
smallpond
Senior Member
 
Registered: Feb 2011
Location: Massachusetts, USA
Distribution: Fedora
Posts: 4,226

Rep: Reputation: 1295
You have a server that allows SSH as root?
 
Old 05-07-2017, 09:46 AM   #3
sayub76
LQ Newbie
 
Registered: May 2017
Posts: 7

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by smallpond View Post
You have a server that allows SSH as root?
I don't think so but not sure about that but I am posting the configuration from sshd_config file here.

# override default of no subsystems
#Subsystem sftp /usr/libexec/openssh/sftp-server

# for local sftp jailsetup
Subsystem sftp internal-sftp -f AUTHPRIV -l VERBOSE

# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server

# setup for sftponly user group
Match Group sftponly
ChrootDirectory /ddrive/ftp/%u
X11Forwarding no
AllowTCPForwarding no
ForceCommand internal-sftp
 
Old 05-07-2017, 09:46 AM   #4
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 27,331

Rep: Reputation: 8089
Quote:
Originally Posted by sayub76 View Post
Hi,
I am trying to copy a file from my system to linux server using root user through sftp but am getting a dialogue box with following error.

"cannot create remote file Permission denied.
Error code:3 Error message from server: Permission denied"

I get the same error if I try to edit a file. OS version is RedHat linux 6.1, 2.6.32-131.0.15.el6.x86_64
As smallpond said...you allow network logins as root??? Unless you've modified the standard ssh configuration, logging in as root isn't allowed...that's why you get a permissions error. If you *DID* allow it, that's an incredibly bad idea, and there is absolutely NO REASON to do that.

Also, you say you're trying to copy a file using sftp...why not just use SCP instead? And a dialog box? What client are you using?? And most importantly, have you contacted Red Hat support and/or checked their knowledgebase? Since you're paying for RHEL (RIGHT??), you have access to the Red Hat knowledgebase, which can answer much about SSH configuration on an RHEL server.
 
Old 05-07-2017, 09:50 AM   #5
sayub76
LQ Newbie
 
Registered: May 2017
Posts: 7

Original Poster
Rep: Reputation: Disabled
Thanks for your reply.

Actually I was trying with another user which has access to some directories where I wanted to change files but could not, so I tried using root user but no luck. Something looks wrong but don't know where.

From console using root login I can edit files but it does not allow me to edit using sftp client.

It's a requirement from the programmer that they use sftp and copy and delete some files through scripts.
 
Old 05-07-2017, 09:58 AM   #6
sayub76
LQ Newbie
 
Registered: May 2017
Posts: 7

Original Poster
Rep: Reputation: Disabled
I found the following configuration in sshd_config file


# override default of no subsystems
#Subsystem sftp /usr/libexec/openssh/sftp-server

# for local sftp jailsetup
Subsystem sftp internal-sftp -f AUTHPRIV -l VERBOSE

# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server

# setup for sftponly user group
Match Group sftponly
ChrootDirectory /ddrive/ftp/%u
X11Forwarding no
AllowTCPForwarding no
ForceCommand internal-sftp
 
Old 05-07-2017, 10:14 AM   #7
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 27,331

Rep: Reputation: 8089
Quote:
Originally Posted by sayub76 View Post
Thanks for your reply.
Actually I was trying with another user which has access to some directories where I wanted to change files but could not, so I tried using root user but no luck. Something looks wrong but don't know where.

From console using root login I can edit files but it does not allow me to edit using sftp client. It's a requirement from the programmer that they use sftp and copy and delete some files through scripts.
AGAIN: logging in as root over the network is a HORRIBLY BAD IDEA, and should never be done, period. Secondly...you can't "edit files" with an FTP client. And your 'requirement from the programmer' is already done/working...what's the problem?? They can log in and copy/delete their own files as much as they want. And again, they can also use SCP to do this, with a keyswap, with no passwords.
Quote:
Originally Posted by sayub76
I found the following configuration in sshd_config file
Code:
# override default of no subsystems
#Subsystem	sftp	/usr/libexec/openssh/sftp-server

# for local sftp jailsetup
Subsystem	sftp	internal-sftp -f AUTHPRIV -l VERBOSE

# Example of overriding settings on a per-user basis
#Match User anoncvs
#	X11Forwarding no
#	AllowTcpForwarding no
#	ForceCommand cvs server

# setup for sftponly user group
Match Group sftponly
ChrootDirectory /ddrive/ftp/%u
X11Forwarding no
AllowTCPForwarding no
ForceCommand internal-sftp
Right...so SFTP has been chroot'ed, so users can only see their own directories, nothing else, and root authentication isn't allowed (it's off by default). And again...have you contacted RHEL support and checked the knowledgebase?? Are you PAYING FOR RHEL???
 
Old 05-07-2017, 10:43 AM   #8
sayub76
LQ Newbie
 
Registered: May 2017
Posts: 7

Original Poster
Rep: Reputation: Disabled
I am not sure about RHEL support, will check with DB guy.

We have two users, let's say User1 & User2.
User1 will write a file in some directory.
User2 will read the content of the file and delete it (which is not happening in my case).

Both users are in different groups (although I tried putting them in the same group but the issue still persists).

I have even tried changing permission for that directory to 777 but no success.
 
Old 05-07-2017, 11:11 AM   #9
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 27,331

Rep: Reputation: 8089
Quote:
Originally Posted by sayub76 View Post
I am not sure about RHEL support, will check with DB guy.
DB guy??? Aren't YOU the administrator? Because if you're not, you sure won't be able to change anything on the system to make it work the way you want to...and if you ARE the administrator, you should know this.
Quote:
We have two users, let's say User1 & User2.
User1 will write a file in some directory.
User2 will read the content of the file and delete it (which is not happening in my case).

Both users are in different groups (although I tried putting them in the same group but the issue still persists). I have even tried changing permission for that directory to 777 but no success.
Right, because again, the only things they can see with SFTP are their own directories, period. That's how you have it configured in the sshd_config you posted. Again, you CANNOT EDIT a file with SFTP. You cannot 'read the content' of a file with an FTP client, unless you download it. How you're wanting this to work isn't making sense for an SFTP client at all. Use the right applications for the job.

Whoever is writing this application isn't doing a very good job of defining how things should work.
 
Old 05-07-2017, 11:50 AM   #10
sayub76
LQ Newbie
 
Registered: May 2017
Posts: 7

Original Poster
Rep: Reputation: Disabled
I'm new to the company so don't have much information.
I used to work with Linux in the past but am not very good in advanced Linux administration.

The task we need is very simple, as you said that users can see their own directories, this is what we need for two users that they can add or delete anything in their directories using a sftp client through script.

If a user has rwx access to a directory or owns a directory then why can it not add/delete files in that directory? This doesn't make any sense.

I used Linux Gentoo before and I used to edit files using sftp clients without any issue.

Appreciate your help!
 
Old 05-07-2017, 12:24 PM   #11
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 27,331

Rep: Reputation: 8089
Quote:
Originally Posted by sayub76 View Post
I'm new to the company so don't have much information. I used to work with Linux in the past but am not very good in advanced Linux administration.
Neither of those things matter; are you the administrator or not??? If you are, then use the RHEL support you're paying for. Again, as you've been told several times now, there is MUCH about SFTP on the Red Hat knowledgebase...have you looked at it????
Quote:
The task we need is very simple, as you said that users can see their own directories, this is what we need for two users that they can add or delete anything in their directories using a sftp client through script.
So then SFTP is working exactly as it should, and is exactly as you have it set up, based on your configuration. Then there are absolutely no problems with SFTP, based on what you posted.
Quote:
If a user has rwx access to a directory or owns a directory then why can it not add/delete files in that directory? This doesn't make any sense.
Makes perfect sense. Again, as you were told before, you have configured SFTP to 'jail' your users. Using SFTP/FTP applies those permissions...LOCAL permissions to a directory don't come into play, since you're using the SFTP subsystem, and that takes precedence. AGAIN, if you use SCP (which you can still script for), you can easily do these things too, and use local permissions instead of FTP. Who has written this script, and what's the point of it? Can you post it? Because based on what you're saying, it seems like just using SSHFS and mounting a directory would do the same thing, and be FAR easier to use. Same with Samba or NFS, but sticking with SSH is easier.
Quote:
I used Linux Gentoo before and I used to edit files using sftp clients without any issue.
No, you did not ever edit any files with FTP/SFTP at all, ever. You may have DOWNLOADED the file and edited it, and the client you used may have done this behind the scenes, but you CANNOT (and have never been able to) edit files with FTP.
 
Old 05-18-2017, 04:13 AM   #12
sayub76
LQ Newbie
 
Registered: May 2017
Posts: 7

Original Poster
Rep: Reputation: Disabled
After I disabled SELinux, issue is fixed.
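
Post #12 resolves the error by disabling SELinux; a denial of that kind is recorded as an AVC record in the audit log. The following is an added example, not code from the thread: a shell function that summarises AVC denials for one process name from audit.log-style lines. The sample records (pids, inodes, names, contexts) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): summarise SELinux AVC denials for one
# process name. Reads audit.log-style lines on stdin and prints
# "count permission(s) tclass tcontext", most frequent first.

avc_denials() {
    # $1 = comm="..." value to match, e.g. sshd (internal-sftp runs inside sshd)
    awk -v want="$1" '
        $1 != "type=AVC" || !/avc:[ ]+denied/ { next }
        {
            comm = ""; tclass = ""; tctx = ""
            # the denied permissions sit between "{" and "}"
            s = index($0, "{"); e = index($0, "}")
            if (s == 0 || e <= s) next
            perm = substr($0, s + 1, e - s - 1)
            gsub(/^ +| +$/, "", perm); gsub(/ +/, ",", perm)
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^comm=/)     { comm = $i; gsub(/^comm=|"/, "", comm) }
                if ($i ~ /^tcontext=/) { tctx = substr($i, 10) }
                if ($i ~ /^tclass=/)   { tclass = substr($i, 8) }
            }
            if (comm == want) seen[perm " " tclass " " tctx]++
        }
        END { for (k in seen) print seen[k], k }
    ' | sort -k1,1nr -k2
}

# Constructed sample records; pids, inodes, names and contexts are made up.
sample_log() {
    cat <<'EOF'
type=AVC msg=audit(1494150001.101:501): avc:  denied  { write } for  pid=2345 comm="sshd" name="incoming" dev=dm-0 ino=131 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=dir
type=SYSCALL msg=audit(1494150001.101:501): arch=c000003e syscall=2 success=no exit=-13 comm="sshd" exe="/usr/sbin/sshd"
type=AVC msg=audit(1494150007.220:509): avc:  denied  { write } for  pid=2351 comm="sshd" name="incoming" dev=dm-0 ino=131 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=dir
type=AVC msg=audit(1494150009.004:512): avc:  denied  { create } for  pid=2351 comm="sshd" name="a.txt" scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file
type=AVC msg=audit(1494150011.330:515): avc:  denied  { read } for  pid=1980 comm="httpd" name="index.html" dev=dm-0 ino=77 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file
EOF
}

sample_log | avc_denials sshd
```

On the server the input would be /var/log/audit/audit.log. The target context it reports is what a relabel or policy boolean has to address, which is a narrower change than turning SELinux off.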
 
  

