Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place! |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
05-07-2017, 05:57 AM
|
#1
|
LQ Newbie
Registered: May 2017
Posts: 7
Rep:
|
Redhat linux 6.1: Permission denied while copying a file using sftp with root user
Hi,
I am trying to copy a file from my system to linux server using root user through sftp but am getting a dialogue box with following error.
"cannot create remote file
Permission denied.
Error code:3
Error message from server: Permission denied"
I get the same error if i try to edit a file.
OS version is RedHat linux 6.1, 2.6.32-131.0.15.el6.x86_64
I will appreciate any help in this regards.
Thanks
|
|
|
05-07-2017, 09:39 AM
|
#2
|
Senior Member
Registered: Feb 2011
Location: Massachusetts, USA
Distribution: Fedora
Posts: 4,226
|
You have a server that allows SSH as root?
|
|
|
05-07-2017, 09:46 AM
|
#3
|
LQ Newbie
Registered: May 2017
Posts: 7
Original Poster
Rep:
|
Quote:
Originally Posted by smallpond
You have a server that allows SSH as root?
|
I don't think so but not sure about that but i am posting the configuration from sshd_config file here.
# override default of no subsystems
#Subsystem sftp /usr/libexec/openssh/sftp-server
# for local sftp jailsetup
Subsystem sftp internal-sftp -f AUTHPRIV -l VERBOSE
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server
# setup for sftponly user group
Match Group sftponly
ChrootDirectory /ddrive/ftp/%u
X11Forwarding no
AllowTCPForwarding no
ForceCommand internal-sftp
|
|
|
05-07-2017, 09:46 AM
|
#4
|
LQ Guru
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 27,331
|
Quote:
Originally Posted by sayub76
Hi,
I am trying to copy a file from my system to linux server using root user through sftp but am getting a dialogue box with following error.
"cannot create remote file Permission denied.
Error code:3 Error message from server: Permission denied"
I get the same error if i try to edit a file. OS version is RedHat linux 6.1, 2.6.32-131.0.15.el6.x86_64
|
As smallpond said...you allow network logins as root??? Unless you've modified the standard ssh configuration, logging in as root isn't allowed...that's why you get a permissions error. If you *DID* allow it, that's an incredibly bad idea, and there is absolutely NO REASON to do that.
Also, you say you're trying to copy a file using sftp...why not just use SCP instead? And a dialog box? What client are you using?? And most importantly, have you contacted Red Hat support and/or checked their knoweldgebase? Since you're paying for RHEL (RIGHT??), you have access to the Red Hat knowledgebase, which can answer much about SSH configuration on an RHEL server.
|
|
|
05-07-2017, 09:50 AM
|
#5
|
LQ Newbie
Registered: May 2017
Posts: 7
Original Poster
Rep:
|
Thanks for you reply.
Actually i was trying with another user which has access to some directories where i wanted to change files but could not so i tried using root user but no luck. Something looks wrong but don't know where.
From console using root login i can edit files but it does not allow me to edit using sftp client.
It's a requirement from the programmer that they use sftp and copy and delete some files through scripts.
|
|
|
05-07-2017, 09:58 AM
|
#6
|
LQ Newbie
Registered: May 2017
Posts: 7
Original Poster
Rep:
|
I found following configuration in sshd_config file
# override default of no subsystems
#Subsystem sftp /usr/libexec/openssh/sftp-server
# for local sftp jailsetup
Subsystem sftp internal-sftp -f AUTHPRIV -l VERBOSE
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server
# setup for sftponly user group
Match Group sftponly
ChrootDirectory /ddrive/ftp/%u
X11Forwarding no
AllowTCPForwarding no
ForceCommand internal-sftp
|
|
|
05-07-2017, 10:14 AM
|
#7
|
LQ Guru
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 27,331
|
Quote:
Originally Posted by sayub76
Thanks for you reply.
Actually i was trying with another user which has access to some directories where i wanted to change files but could not so i tried using root user but no luck. Something looks wrong but don't know where.
From console using root login i can edit files but it does not allow me to edit using sftp client. It's a requirement from the programmer that they use sftp and copy and delete some files through scripts.
|
AGAIN: logging in as root over the network is a HORRIBLY BAD IDEA, and should never be done, period. Secondly...you can't "edit files" with an FTP client. And your 'requirement from the programmer' is already done/working...what's the problem?? They can log in and copy/delete their own files as much as they want. And again, they can also use SCP to do this, with a keyswap, with no passwords.
Quote:
Originally Posted by sayub76
I found following configuration in sshd_config file
Code:
# override default of no subsystems
#Subsystem sftp /usr/libexec/openssh/sftp-server
# for local sftp jailsetup
Subsystem sftp internal-sftp -f AUTHPRIV -l VERBOSE
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server
# setup for sftponly user group
Match Group sftponly
ChrootDirectory /ddrive/ftp/%u
X11Forwarding no
AllowTCPForwarding no
ForceCommand internal-sftp
|
Right...so SFTP has been chroot'ed, so users can only see their own directories, nothing else, and root authentication isn't allowed (it's off by default). And again...have you contacted RHEL support and checked the knowledgebase?? Are you PAYING FOR RHEL???
|
|
|
05-07-2017, 10:43 AM
|
#8
|
LQ Newbie
Registered: May 2017
Posts: 7
Original Poster
Rep:
|
I am not sure about RHEL support, will check with DB guy.
We have two users let say User1 & User2.
User1 will right a file in some directory.
User2 will read the content of file and delete it(which is not happening in my case)
Both users are in different groups.(although i tried putting them in same group but issue still persists)
I have even tried changing permission for that directory to 777 but no success.
|
|
|
05-07-2017, 11:11 AM
|
#9
|
LQ Guru
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 27,331
|
Quote:
Originally Posted by sayub76
I am not sure about RHEL support, will check with DB guy.
|
DB guy??? Aren't YOU the administrator? Because if you're not, you sure won't be able to change anything on the system to make it work the way you want to...and if you ARE the administrator, you should know this.
Quote:
We have two users let say User1 & User2.
User1 will right a file in some directory.
User2 will read the content of file and delete it(which is not happening in my case)
Both users are in different groups.(although i tried putting them in same group but issue still persists) I have even tried changing permission for that directory to 777 but no success.
|
Right, because again, the only things they can see with SFTP is their own directories, period. That's how you have it configured in the sshd_config you posted. Again, you CANNOT EDIT a file with SFTP. You cannot 'read the content' of a file with an FTP client, unless you download it. How you're wanting this to work isn't making sense for an SFTP client at all. Use the right applications for the job.
Whoever is writing this application isn't doing a very good job of defining how things should work.
|
|
|
05-07-2017, 11:50 AM
|
#10
|
LQ Newbie
Registered: May 2017
Posts: 7
Original Poster
Rep:
|
I'm new to the company so don't have much information.
I used to work with Linux in the past but am not very good in advanced linux administration.
The task we need is very simple, as you said that users can see their own directories, this is what we need for two users that they can add or delete anything in their directories using a sftp client through script.
If a user has rwx access to a directory or owns a directory then why it cannot add/delete files in that directory? this doesn't make any sense.
I used Linux Gentoo before and i used to edit files using sftp clients without any issue.
Appreciate your help!
|
|
|
05-07-2017, 12:24 PM
|
#11
|
LQ Guru
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 27,331
|
Quote:
Originally Posted by sayub76
I'm new to the company so don't have much information. I used to work with Linux in the past but am not very good in advanced linux administration.
|
Neither of those things matter; are you the administrator or not??? If you are, then use the RHEL support you're paying for. Again, as you've been told several times now, there is MUCH about SFTP on the Red Hat knowledgebase...have you looked at it????
Quote:
The task we need is very simple, as you said that users can see their own directories, this is what we need for two users that they can add or delete anything in their directories using a sftp client through script.
|
So then SFTP is working exactly as it should, and is exactly as you have it set up, based on your configuration. Then there is absolutely no problems with SFTP, based on what you posted.
Quote:
If a user has rwx access to a directory or owns a directory then why it cannot add/delete files in that directory? this doesn't make any sense.
|
Makes perfect sense. Again, as you were told before, you have configured SFTP to 'jail' your users. Using SFTP/FTP applies those permissions...LOCAL permissions to a directory don't come into play, since you're using the SFTP subsystem, and that takes precedence. AGAIN, if you use SCP (which you can still script for), you can easily do these things too, and use local permissions instead of FTP. Who has written this script, and what's the point of it? Can you post it? Because based on what you're saying, it seems like just using SSHFS and mounting a directory would do the same thing, and be FAR easier to use. Same with Samba or NFS, but sticking with SSH is easier.
Quote:
I used Linux Gentoo before and i used to edit files using sftp clients without any issue.
|
No, you did not ever edit any files with FTP/SFTP at all, ever. You may have DOWNLOADED the file and edited it, and the client you used may have done this behind the scenes, but you CANNOT (and have never been able to) edit files with FTP.
|
|
|
05-18-2017, 04:13 AM
|
#12
|
LQ Newbie
Registered: May 2017
Posts: 7
Original Poster
Rep:
|
After i disabled SELinux, issue is fixed.
|
|
|
All times are GMT -5. The time now is 07:10 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|