Solved

openSuse SFTP, folder restriction

Posted on 2009-04-14
Last Modified: 2013-12-05
I was tasked to set up an openSuse 11.1 SFTP server to replace an old Windows FTP server. I have the sftp server up and going but need to restrict users to a 'home directory'. I've followed the steps below, but as soon as I move the user to the "sftp" group, the sFTP client (winSCP) won't allow them to log in anymore; it just says "Authentication Failed: Network Error: Software caused connection abort."

If I take the user out of the sftp group, they can log in without a problem (just not restricted to a folder).

http://blogs.techrepublic.com.com/opensource/?p=229

"To begin, ensure you have OpenSSH 4.9p1 or newer installed. Then edit /etc/ssh/sshd_config (/etc/sshd_config on some distributions) and set the following options:

Subsystem     sftp   internal-sftp

Match Group sftp
    ChrootDirectory %h
    ForceCommand internal-sftp
    AllowTcpForwarding no"

"# usermod -G sftp joe
# usermod -s /bin/false joe
# chown root:root /home/joe
# chmod 0755 /home/joe"
Question by:MMDeveloper

Author Comment

by:MMDeveloper
ID: 24140636
Update: when I try to sftp via a command line, I get these error messages:

fatal: bad ownership or modes for chroot directory component "/_data/"

/_data is a mount to another hard drive. Doing an "ls -l" shows that "root" owns all of /_data and its contents. Just for S&G's I chmoded /_data and all of its contents to 777 (to remove any permission problems).

Each user has their custom home directory, which is set up like this:

/_data/GIL/GIEB
/_data/GIL/GIFM
/_data/BAK/CBMW

etc etc... I want their home directories to be their "jailed" location but I keep getting these errors and I'm about to pull my hair out :(


Accepted Solution

by:
woolmilkporc earned 500 total points
ID: 24146275
Hi,
according to 'man sshd_config', the path pointed to by ChrootDirectory (in sshd_config), and all its components, must be root-owned directories that are not writable by any other user or group.
I think in your case the clue is the "not-writeable by any other user or group" thing!
wmp


Author Closing Comment

by:MMDeveloper
ID: 31569955
I found my problem... I was trying to "write" to the chroot directory (which was not allowed). I had to create a subfolder IN the chroot directory for the users to write to.
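
The rule the accepted answer cites from 'man sshd_config', written out as an added example (not part of the original thread and not OpenSSH's own code): it walks every component of a chroot path and reports any that is not a root-owned directory or is writable by group or others. The stat tables are constructed sample data modelled on the /_data/GIL/GIEB layout in the question; the "upload" subfolder name and uid 1001 are hypothetical.

```python
import os
import stat
import sys
from collections import namedtuple

FakeStat = namedtuple("FakeStat", "st_uid st_mode")
DIR = stat.S_IFDIR

# Constructed sample data (not real output): the layout from the question
# after "chmod 777" on /_data and its contents, then a corrected layout.
BROKEN = {"/": (0, DIR | 0o755), "/_data": (0, DIR | 0o777),
          "/_data/GIL": (0, DIR | 0o777), "/_data/GIL/GIEB": (0, DIR | 0o777)}
FIXED = {"/": (0, DIR | 0o755), "/_data": (0, DIR | 0o755),
         "/_data/GIL": (0, DIR | 0o755), "/_data/GIL/GIEB": (0, DIR | 0o755),
         # Hypothetical user-owned subfolder for uploads. It lies below the
         # chroot, so it is not a path component and is never checked.
         "/_data/GIL/GIEB/upload": (1001, DIR | 0o755)}

def table_stat(table):
    """Return a stat-like function backed by a constructed table."""
    return lambda path: FakeStat(*table[path])

def components(path):
    """'/_data/GIL/GIEB' -> ['/', '/_data', '/_data/GIL', '/_data/GIL/GIEB']."""
    out, cur = ["/"], ""
    for part in filter(None, path.split("/")):
        cur += "/" + part
        out.append(cur)
    return out

def audit_chroot(path, stat_fn=os.stat):
    """List (component, reason) for each violation of the ChrootDirectory rule."""
    problems = []
    for comp in components(path):
        st = stat_fn(comp)
        if not stat.S_ISDIR(st.st_mode):
            problems.append((comp, "not a directory"))
        if st.st_uid != 0:
            problems.append((comp, "owner uid %d is not root" % st.st_uid))
        if st.st_mode & 0o022:
            problems.append((comp, "mode %04o is writable by group or others"
                             % stat.S_IMODE(st.st_mode)))
    return problems

if __name__ == "__main__":
    # With arguments: audit real paths (os.stat follows symlinks).
    # Without arguments: show the findings for the constructed broken layout.
    for p in sys.argv[1:]:
        print(p, audit_chroot(p) or "OK")
    if len(sys.argv) == 1:
        print(audit_chroot("/_data/GIL/GIEB", table_stat(BROKEN)))
```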