Unix & Linux Asked by tshepang on October 30, 2020
If a user logs into a machine via SFTP, one can make use of the ChrootDirectory keyword to give an illusion that the user is in a root directory. But that directory is only writable by the root user. I would love for this user to have such write capabilities, and it doesn't appear that OpenSSH offers this, unless I missed something?
I am aware that that SFTP user can be given write access to any file/directory inside that ChrootDirectory, but it's not good enough. I want the user to also create/delete the files directly under that "root" directory, without the workaround of creating a subdirectory that that user has write access to.
I ran into the same problem with my in-house SFTP. What I did to get around this is:
Inside your sshd_config file:
    Match group sftpusers
    ChrootDirectory %h
Inside your /etc/groups file, add your sftp user to the sftpusers group (create it if it doesn't exist):
    sftpusers:x:6000:user1,user2
For the ChrootDirectory, make sure you chown the directory to the following (warning: be careful of the directory that you are running this command on, make sure it is being run only on the directory that the user logs into; the -R command means recursive, so if there are subfolders you do not wish this command to include, remove it. Also, an SFTP user should never be given access to a root-level system directory like /etc; best to make a folder under something like /usr/local/alcatraz and give them access to that):
    chown -R root:sftpusers userChrootDirectory
Chmod the directory to have the permission you desire, something like:
    drwxrws---
If you require more information, let me know; this is just the highlights, which should get you to where you want to be.
Answered by devnull on October 30, 2020
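
The question notes that the chroot directory is writable only by root; sshd_config(5) documents that every component of the ChrootDirectory pathname must be a root-owned directory that is not writable by any other user or group. The script below is an added example (not from the question, the answer, or OpenSSH) that audits a candidate path against that rule before it goes into sshd_config. It assumes GNU stat on Linux, and the function names check_component and check_chroot_path are hypothetical.

```shell
#!/bin/sh
# Added example: audit a ChrootDirectory candidate against the rule in
# sshd_config(5). Assumes GNU stat (Linux); function names are hypothetical.

# check_component DIR [UID]
# Succeeds only if DIR is a directory owned by UID (default 0, root)
# and carries no group-write or other-write permission bit.
check_component() {
    dir=$1 want=${2:-0}
    [ -d "$dir" ] || { echo "FAIL $dir: not a directory"; return 1; }
    meta=$(stat -L -c '%u %a' -- "$dir") || return 1
    uid=${meta% *} perm=${meta#* }
    [ "$uid" -eq "$want" ] ||
        { echo "FAIL $dir: owner uid $uid, expected $want"; return 1; }
    # 022 masks the group-write and other-write bits of the octal mode.
    [ $(( 0$perm & 022 )) -eq 0 ] ||
        { echo "FAIL $dir: mode $perm is group/other writable"; return 1; }
    echo "ok   $dir (uid $uid, mode $perm)"
}

# check_chroot_path DIR
# Applies check_component to DIR and to every parent directory up to /.
# Returns 0 if all pass, 1 if any component fails, 2 for a relative path.
check_chroot_path() {
    p=$1 rc=0
    case $p in
        /*) ;;
        *) echo "FAIL $p: must be an absolute path"; return 2 ;;
    esac
    while :; do
        check_component "$p" 0 || rc=1
        [ "$p" = / ] && break
        p=$(dirname -- "$p")
    done
    return $rc
}

# Stand-alone use: sh check_chroot.sh /path/to/chroot
if [ $# -gt 0 ]; then
    check_chroot_path "$1"
fi
```

Each failing component is reported on its own line, so a group-writable parent directory shows up as well as a problem with the chroot directory itself.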