Solved

openSuse SFTP, folder restriction

Posted on 2009-04-14
Last Modified: 2013-12-05
I was tasked to set up an openSUSE 11.1 SFTP server to replace an old Windows FTP server. I have the SFTP server up and going but need to restrict users to a 'home directory'. I've followed the steps below, but as soon as I move the user to the "sftp" group, the SFTP client (WinSCP) won't allow them to log in anymore; it just says "Authentication Failed: Network Error: Software caused connection abort".

If I take the user out of the sftp group, they can log in without a problem (just not restricted to a folder).

http://blogs.techrepublic.com.com/opensource/?p=229

"To begin, ensure you have OpenSSH 4.9p1 or newer installed. Then edit /etc/ssh/sshd_config (/etc/sshd_config on some distributions) and set the following options:

Subsystem     sftp   internal-sftp

Match Group sftp
    ChrootDirectory %h
    ForceCommand internal-sftp
    AllowTcpForwarding no"

"# usermod -G sftp joe
# usermod -s /bin/false joe
# chown root:root /home/joe
# chmod 0755 /home/joe"
Question by:MMDeveloper
3 Comments
 

Author Comment

by:MMDeveloper
ID: 24140636
Update: when I try to sftp via a command line I get these error messages:

fatal: bad ownership or modes for chroot directory component "/_data/"

/_data is a mount to another hard drive. Doing an "ls -l" shows that "root" owns all of /_data and its contents. Just for S&G's I chmoded /_data and all of its contents to 777 (to remove any permission problems).

Each user has their custom home directory, which is set up like this:

/_data/GIL/GIEB
/_data/GIL/GIFM
/_data/BAK/CBMW

etc etc... I want their home directories to be their "jailed" location but I keep getting these errors and I'm about to pull my hair out :(


Accepted Solution

by: woolmilkporc, earned 500 total points
ID: 24146275
Hi,
according to 'man sshd_config', the path pointed to by ChrootDirectory (in sshd_config), and all its components, must be root-owned directories that are not writable by any other user or group.
I think in your case the clue is the "not writable by any other user or group" thing!
wmp


Author Closing Comment

by:MMDeveloper
ID: 31569955
I found my problem... I was trying to "write" to the chroot directory (which was not allowed). I had to create a subfolder IN the chroot directory for the users to write to.
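
The ownership rule quoted in the accepted answer and the writable-subfolder fix from the closing comment can be checked and applied with a short script. This is an added example, not part of the original thread or of OpenSSH; the function names, the optional UID parameter (there so the check can be tried without root) and the "upload" subdirectory name are assumptions made here.

```shell
#!/bin/sh
# Added example. Mirrors the rule from 'man sshd_config' quoted above: the
# ChrootDirectory and every parent must be a root-owned directory with no
# group/other write bit. Assumes GNU or busybox stat (-L -c).

# component_ok PATH [UID]: check one path component. UID defaults to 0 (root);
# the parameter exists only so the check can be exercised without root.
component_ok() {
    p=$1; want_uid=${2:-0}
    [ -d "$p" ] || { echo "FAIL $p: not a directory"; return 1; }
    set -- $(stat -L -c '%u %a' "$p")        # $1 = owner uid, $2 = octal mode
    [ "$1" = "$want_uid" ] || { echo "FAIL $p: owner uid $1, want $want_uid"; return 1; }
    [ $(( 0$2 & 022 )) -eq 0 ] || { echo "FAIL $p: mode $2 is group/other writable"; return 1; }
    echo "ok   $p (uid $1, mode $2)"
}

# check_chroot_path DIR [UID]: check DIR and each parent up to /, reporting
# every failing component instead of stopping at the first one.
check_chroot_path() {
    dir=$1; uid=${2:-0}; rc=0
    case $dir in /*) ;; *) echo "FAIL $dir: path must be absolute"; return 1 ;; esac
    while :; do
        component_ok "$dir" "$uid" || rc=1
        [ "$dir" = / ] && break
        dir=$(dirname "$dir")
    done
    return $rc
}

# add_writable_subdir CHROOT USER [NAME]: the chroot itself stays root-owned and
# read-only for the user; uploads go into a user-owned subdirectory (run as root).
# NAME defaults to "upload", a name chosen here for illustration.
add_writable_subdir() {
    sub=$1/${3:-upload}
    mkdir -p "$sub" && chown "$2" "$sub" && chmod 0755 "$sub"
}

# Usage, as root, with a home directory from the thread:
#   check_chroot_path /_data/GIL/GIEB && add_writable_subdir /_data/GIL/GIEB joe
```

A chmod 777 on /_data, as tried in the update above, makes the check fail on that component, which matches the "bad ownership or modes" message sshd logged.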