Solved

openSuse SFTP, folder restriction

Posted on 2009-04-14
3
1,990 Views
Last Modified: 2013-12-05
I was tasked to setup an openSuse 11.1 SFTP server to replace an old Windows FTP server. I have the sftp server up and going but need to restrict users to a 'home directory'. I've followed the below steps but as soon as I move the user to the "sftp" group, the sFTP client (winSCP) wont allow them to login anymore, it just says "Authentication Failed: Network Error: Software caused connection abort.

If I take the user out of the sftp group, they can login without a problem (just not restricted to a folder)

http://blogs.techrepublic.com.com/opensource/?p=229

"To begin, ensure you have OpenSSH 4.9p1 or newer installed. Then edit /etc/ssh/sshd_config (/etc/sshd_config on some distributions) and set the following options:

Subsystem     sftp   internal-sftp

Match Group sftp

    ChrootDirectory %h

    ForceCommand internal-sftp

    AllowTcpForwarding no"

"# usermod -G sftp joe

# usermod -s /bin/false joe

# chown root:root /home/joe

# chmod 0755 /home/joe"
0
Comment
Question by:MMDeveloper
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 15

Author Comment

by:MMDeveloper
ID: 24140636
update, when I try to sftp via a command line I get these error messages:

fatal: bad ownership or modes for chroot directory component "/_data/"

/_data is a mount to another harddrive. Doing an "ls -l" shows that "root" owns all of /_data and it's contents. Just for S&G's I chmoded /_data and all of its contents to 777 (to remove any permission problems).

Each user has their custom home directory which is setup like this:

/_data/GIL/GIEB
/_data/GIL/GIFM
/_data/BAK/CBMW

etc etc... I want their home directories to be their "jailed" location but I keep getting these errors and I'm about to pull my hair out :(

0
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 500 total points
ID: 24146275
Hi,
according to 'man sshd_config' the path pointed to by ChRootDirectory  (in sshd_config) and all its components, must be root-owned directories that are not writable by any other user or group.
I think in your case the clue is the "not-writeable by any other user or group" thing!
wmp

0
 
LVL 15

Author Closing Comment

by:MMDeveloper
ID: 31569955
I found my problem.... I was trying to "write" to the chroot directory (which was not allowed).. I had to create a subfolder IN the chroot directory for the users to write to.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Introduction People like FTP.  It's a solid, stable, robust protocol for quickly transferring files between two hosts using TCP/IP.  In most cases it's much faster than SMB or CIFS, and certainly much easier to set up between organizations.  This…
The purpose of this article is to demonstrate how we can upgrade Python from version 2.7.6 to Python 2.7.10 on the Linux Mint operating system. I am using an Oracle Virtual Box where I have installed Linux Mint operating system version 17.2. Once yo…
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question