Solved

openSuse SFTP, folder restriction

Posted on 2009-04-14
3
1,994 Views
Last Modified: 2013-12-05
I was tasked to setup an openSuse 11.1 SFTP server to replace an old Windows FTP server. I have the sftp server up and going but need to restrict users to a 'home directory'. I've followed the below steps but as soon as I move the user to the "sftp" group, the sFTP client (winSCP) wont allow them to login anymore, it just says "Authentication Failed: Network Error: Software caused connection abort.

If I take the user out of the sftp group, they can login without a problem (just not restricted to a folder)

http://blogs.techrepublic.com.com/opensource/?p=229

"To begin, ensure you have OpenSSH 4.9p1 or newer installed. Then edit /etc/ssh/sshd_config (/etc/sshd_config on some distributions) and set the following options:

Subsystem     sftp   internal-sftp

Match Group sftp

    ChrootDirectory %h

    ForceCommand internal-sftp

    AllowTcpForwarding no"

"# usermod -G sftp joe

# usermod -s /bin/false joe

# chown root:root /home/joe

# chmod 0755 /home/joe"
0
Comment
Question by:MMDeveloper
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 15

Author Comment

by:MMDeveloper
ID: 24140636
update, when I try to sftp via a command line I get these error messages:

fatal: bad ownership or modes for chroot directory component "/_data/"

/_data is a mount to another harddrive. Doing an "ls -l" shows that "root" owns all of /_data and it's contents. Just for S&G's I chmoded /_data and all of its contents to 777 (to remove any permission problems).

Each user has their custom home directory which is setup like this:

/_data/GIL/GIEB
/_data/GIL/GIFM
/_data/BAK/CBMW

etc etc... I want their home directories to be their "jailed" location but I keep getting these errors and I'm about to pull my hair out :(

0
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 500 total points
ID: 24146275
Hi,
according to 'man sshd_config' the path pointed to by ChRootDirectory  (in sshd_config) and all its components, must be root-owned directories that are not writable by any other user or group.
I think in your case the clue is the "not-writeable by any other user or group" thing!
wmp

0
 
LVL 15

Author Closing Comment

by:MMDeveloper
ID: 31569955
I found my problem.... I was trying to "write" to the chroot directory (which was not allowed).. I had to create a subfolder IN the chroot directory for the users to write to.
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In my business, I use the LTS (Long Term Support) versions of Linux. My workstations do real work, and so I rarely have the patience to deal with silly problems caused by an upgraded kernel that had experimental software on it to begin with from a r…
The purpose of this article is to show how we can create Linux Mint virtual machine using Oracle Virtual Box. To install Linux Mint we have to download the ISO file from its website i.e. http://www.linuxmint.com. Once you open the link you will see …
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question