Linux - Newbie: This Linux forum is for members that are new to Linux.
Hello Everyone
My name is James, and I am a new user in this forum.
I have one issue related to SFTP: I want to enable SFTP access for the root user only; other users should only access the server by using PuTTY. Is it possible to restrict the access of other users for SFTP? If yes, please let me know.
First thing that comes to mind: what you're doing is a **VERY BAD IDEA**. The root user should NEVER be allowed network access, period, to anything. There's just no reason to do it.
You can change the sftp subsystem to be "internal-sftp", and add:
Code:
Match Group sftpusers
    AllowTcpForwarding no
    ChrootDirectory %h
    ForceCommand internal-sftp
..to the bottom of the sshd_config file, and restart the service. Create a group called "sftpusers", and use the usermod command to add whatever users you want to it. Now, whatever users you add to that group will be able to sftp to their home directories only. Again, allowing root to do ANYTHING over the network is incredibly bad and insecure, and there is zero reason to do it; systems security shouldn't be compromised for something like this.
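An added example, not part of the reply above and not OpenSSH code: sshd_config(5) requires every component of a ChrootDirectory path to be a root-owned directory that is not writable by group or others, so `ChrootDirectory %h` is refused for an ordinary user-owned home directory. The sketch below applies that rule to a path; `chroot_problems`, `SAMPLE` and `sample_stat` are hypothetical names, and the directory layout is constructed so the check runs without touching real files.

```python
import os
import stat
from pathlib import PurePosixPath
from types import SimpleNamespace


def chroot_problems(chroot_dir, stat_fn=os.stat):
    """Return the reasons sshd would reject chroot_dir (empty list = acceptable)."""
    path = PurePosixPath(chroot_dir)
    if not path.is_absolute():
        return [f"{chroot_dir}: must be an absolute path"]
    problems = []
    # Walk "/", "/home", "/home/alice", ... from the root down to the target.
    for component in list(path.parents)[::-1] + [path]:
        try:
            st = stat_fn(str(component))
        except FileNotFoundError:
            problems.append(f"{component}: does not exist")
            break
        if not stat.S_ISDIR(st.st_mode):
            problems.append(f"{component}: not a directory")
        if st.st_uid != 0:
            problems.append(f"{component}: owned by uid {st.st_uid}, not root")
        if st.st_mode & 0o022:
            problems.append(f"{component}: group- or world-writable")
    return problems


# Constructed sample layout: (owner uid, mode) per directory.
SAMPLE = {
    "/": (0, 0o755),
    "/home": (0, 0o755),
    "/home/alice": (1001, 0o700),   # default home, owned by the user
    "/srv": (0, 0o755),
    "/srv/sftp": (0, 0o755),
    "/srv/sftp/alice": (0, 0o755),  # root-owned jail for the same user
}


def sample_stat(path):
    """Stand-in for os.stat that answers from SAMPLE (assumption for the demo)."""
    if path not in SAMPLE:
        raise FileNotFoundError(path)
    uid, mode = SAMPLE[path]
    return SimpleNamespace(st_uid=uid, st_mode=stat.S_IFDIR | mode)


if __name__ == "__main__":
    for candidate in ("/home/alice", "/srv/sftp/alice"):
        print(candidate, chroot_problems(candidate, sample_stat) or "OK")
```

Because the jail root cannot be writable by the user, uploads go into a user-owned subdirectory inside it.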
Thanks for your reply, I will follow the steps and let you know.
Sorry, but did you not read the entirety of the first reply??
You were asked what your goal was...what are you trying to accomplish by doing this? Why??? There are probably FAR better ways of doing things than allowing root network access. And to reiterate: allowing root access for ANYTHING over the network is **A VERY BAD IDEA**, and there is zero reason to do it.
I did a web application and it's hosted on a Linux web server.
I don't want to show the code to other employees; that's why I make other users who can only access the particular directory and some particular Linux commands. For uploading code and data I will give them sftp access.
There is absolutely no way you're a Linux administrator or senior web developer.
If you were truly an administrator, you should know that allowing root over the network is horribly bad. And as a senior web developer, you should ALSO know that uploading files owned by root to a web server could cause issues, not to mention the fact that you have NO ROLLBACK in place for your web server, should bad code get uploaded.
Quote:
I did a web application and it's hosted on a Linux web server. I don't want to show the code to other employees; that's why I make other users who can only access the particular directory and some particular Linux commands. For uploading code and data I will give them sftp access.
And what you say here makes no sense. If you give them root access to upload, they HAVE ROOT ACCESS. They can upload ANYTHING...with ANY executable to your server, have it run as root, and do ANYTHING THEY WANT. You say you don't want to show the code to other employees...so giving them root access lets them DOWNLOAD ANYTHING THEY WANT, and look at it also.
The sudo command is used to restrict what users can run what commands. It would be FAR better to create an FTP only user, that uploads to a different directory other than your web server root. And rtmistler also suggested Git, which is an excellent choice as well, since it lets you see who did what, when, and lets you roll back changes.
How dare you pass wrong comments and give a bad review of other people's knowledge? Do you know anything about me, and do you know my experience and my knowledge?
I just asked a single question and you didn't provide me the proper solution, and you passed wrong comments and all.
If you have knowledge, give me the proper solution or else an alternative way. This is the final warning: don't talk in the wrong way, else you know what I am saying.