Server :: SSH Chroot'ed User Can't Write Files / Solve It?
May 31, 2011
I am having an issue with a chrooted SFTP user not being able to write files.
The permissions are set up correctly, as if I remove the chroot the user can write files correctly.
The user has a transfer folder which they should be able to write files to and read from. This works correctly until I apply the snippet from the sshd_config file below; then the user can only read files. I have tried tweaking the permissions but this doesn't seem to have helped at all. code...
I'm using OpenSSH 5.5p1 on Fedora 15. I'm trying to get a chrootDirectory to work. Specifically trying to figure out why I can't write files to a sub-directory of the chroot directory. I created a user test_user and created a group called sftp. I added test_user to the sftp group. I edited /etc/ssh/sshd_config as follows:
Code:
Subsystem sftp internal-sftp
Match group sftp
    ChrootDirectory /home/sftp_users/%u
    X11Forwarding no
I want to write a shell script which will simultaneously collect OS user information and write it to individual text files. Can anyone tell me the syntax of the script? N.B. The user name will be mentioned in an array within the shell script.
As a testcase on how encryption works out of the box with OS11.4 I've formatted an external drive with encryption. All goes well and upon boot the passphrase is requested. However I cannot write files to the disk as a user and I can't find the correct mount command in order to get it mounted so that my users can write to it and not only the root.
I need 2 Linux users to share a folder. Within this folder, users should always be able to create files and sub-folders and write into any sub-folder (whether they own it or not). However, they should only be able to edit the files they actually own.
We have been running Red Hat Enterprise Linux ES release 3 (Taroon Upd 5), kernel 2.4.21-32.ELsmp, for several years. The server hosts an old ERP system which will be replaced at the end of the year. However, it is necessary that some colleagues are able to write some files to that server regularly. Since we are running Windows 7 on several machines, those users are no longer able to write to the Samba share. Getting files from the share works fine.
But the problem does not seem to lie with the Samba service, because the transfer using SSH (WinSCP) from any Win7 system to the server doesn't work either. During testing we recognized that transferring files smaller than 1kb works fine ... any file greater than 1kb ends up in a connection abort. This works with Samba and also using SSH. All the workarounds editing some registry entries in Win7 for improving the interoperability between Vista / Win7 and Samba don't work for us ... and also don't seem to be the source of the problem. Is there a generally known incompatibility between our RHEL version / kernel and Windows 7 regarding file transfers?
I'm attempting to give a few buddies encrypted storage space through SFTP using TrueCrypt. I have it worked out to the point where the TrueCrypt volume is automatically mounted when the user logs on, and dismounted when they log off. I would like to restrict each person to their individual home folders. This way, I can control exactly how much space each user is able to use (through the size of the TrueCrypt volume), while maintaining security through the network due to using SFTP.
I've been looking around, and the only thing I can see is restricting a large group of users to a single directory. This won't work; I need each person to be locked down to their personal home directory. My end goal is to have these volumes "mountable" in Windows through the use of Windows network drives (on a wide network, not through Samba on local), or by using ExpanDrive or a similar program. How can I lock these users to their respective home folders?
Is there a way I can chroot their user home directory? Let's say the user logs in on the Linux box at /home/user; what I want to do is chroot /home/user so the user won't be able to browse the filesystem, which is /. Thanks.
It's been over two days since my search started, but I didn't find an answer anywhere. I need to call chroot as a normal user, but to my surprise it can only be called by the superuser with the CAP_SYS_CHROOT capability. I am not sure how to add this capability to my user.
I have configured a Samba server on CentOS. I need to give permissions so that some users (5 users) are able to read and write a particular folder, and I also need to give some other users (6 users) read-only permission for the same folder.
I am trying to write a Perl script which will give an interactive session to a user to execute commands on the server. I have written a small script to do this:
Code:
#!/usr/bin/perl -w
use strict;
use Net::SSH::Perl;
my $host = '192.168.1.1';
my $username = 'user';
my $login_passwd = 'test123';
Recently we decided to make our own panel (like Plesk or cPanel) but for Ubuntu, and it will be licensed under the GPL (like any other professional software). We want to make a panel that fits not only our needs but also the needs of other system administrators and domain owners. We researched other panels and found out that none of them has security/look/ease of use in one package. Bad coding is another problem found in other panels. I made a short overview of what I think we have to have in the beginning.
I Security:
1. Completely chrooted environment where every single service is in chroot mode (bind, mysql, postfix, ....)
2. Easily managed iptables through a web-based interface.
3. Coding rules have to be strict.
II Software selection:
1. MTA - Postfix
2. POP - dovecot
I've recently configured our mail server (postfix/dovecot). Everything is running, I have a reverse DNS, MX records, A records etc. I've added the users already. Here is the problem: whenever I test email from an email client (Outlook 2003), there's no problem. But when I try sending email from the outside, the mail just bounces or is deferred.
I've looked everywhere but I can't find where to change the default box for incoming mail, or am I on the wrong track? It's a nuisance having to change folders and I can't configure wastebin to empty on exit. And I can't get KMail to import from Evolution. Do I have to go to the Evolution storage and do it manually, and if so, how do I do that?
Since I created a second user, USB devices such as a PTP camera or flash mass storage always automount for the new user. Even when the second user is not logged in, automount does not work for the main user. When I log in as the second user (with the device plugged in) it is mounted automatically after login.
What can I do about this problem? I would like to access devices from each user (not necessarily at the same time). How can I configure it? How can I "remount" a device to my current user without switching into the second one (it's someone else's account)?
I understand that chroot is usually used to provide security, however, for my issue, security is a big don't care. I am very new to using chroot and don't fully understand how the chroot'd env works.
Problem: Trying to use a vendor-supplied cross compile environment. The environment runs as a chroot'd env and works just fine. I have a large number of additional modules that I wish to compile in the chroot'd environment. FYI, these modules are also (successfully) compiled for other targets not using chroot'd envs. Copying the source files into the chroot environment is not an option (don't have hours to wait for copies to finish and it would break the make system). Having them live in the environment is also not an option (the chroot build is a tiny part of the build process and we cannot revamp our entire source tree to accommodate it).
I am looking for a way to have the compiler in the chroot'd env have access to a path that is outside of the env and typically higher up in the same path that holds the chroot'd env. I have tried soft links (they don't work as expected). Hard links only work for single files and there are 10's of thousands of files that would need to be linked. I am not sure how I would go about exporting the additional files and then mounting the exported files in the chroot'd env (or if that would even work).
I need to write a shell script which can read the content of the folder and place files on a remote FTP server. I need to make sure that a file that is already placed on the remote FTP server is not attempted a second time. The file names will be something like Records-2011-05-09. The files will be generated by MySQL every hour.
I have one requirement, i.e. I want to call the Java file from the PHP function using the shell_exec command. I am using the chroot jail concept; if I use this command I get an empty file because the Java environment is outside the chroot jail. So how do I access the files that are outside the chroot jail?
I am using CentOS 5.4. I updated my Firefox to 3.6.7. After that, when I log in to Facebook and click anything in Facebook, my PC logs out, even from the root user. What is the cause and solution of this problem?
For some reason, my user directories don't seem to process php files. For example, server/~reduxtion/index.php forces the browser to download the file while server/index.php is fine.
I would like to copy all files from my server001 (/var/www/vhosts/*/httpdocs/) to my server002 (/var/www/virtual/*/htdocs/). I would do it via rsync... but I don't want to do it as root! What would be the right user with which I should log in via rsync? www-data? It's the group of each domain folder...
Quote:
server002:/var/www/virtual# ls -lh
insgesamt 4,0K
drwxrwx--- 10 vu2001 www-data 4,0K  9. Mär 09:58 domain.com
server002:/var/www/virtual#
But the files inside htdocs are only accessible to the user!
Code:
server002:/var/www/virtual/domain.com/htdocs# ls -lh | grep index.php
-rwxr-xr-x 1 vu2001 vu2001 397 24. Feb 23:30 index.php
server002:/var/www/virtual/domain.com/htdocs#
server002 will be the backup server if server001 is down!
I have a chrooted account set up for my SSH server. However, I am trying to allow this user read-only access to a mounted hard drive, and more specifically a specific folder from that mounted drive. I would also like to have this drive be mounted for me in my normal environment with write access.
I recently started using SVN with Apache for my web development, although I find it really annoying that I have to issue two SVN commands (one local, one remote) to update my web site. I have been looking into SVN post-commit hooks to solve this problem. The only problem is that Apache does not have permission to modify files in my user directory... So here is how everything is set up. I am running a Slackware 13 full install. There have been no installations overriding any of the default installs.
I have OpenOffice 3.1.1 and Samba shares set up between my openSUSE 11.2 desktop and my wife's and daughter's Windows 7 notebooks. I can access everything perfectly over the shares except anything in OpenOffice.
When I try to open a file located on one of the two notebooks Openoffice gives the message "you can only select local files"
I found an old solution from 2005 on this in google suggesting that you had to mount manually the remote drive. That seems extremely clunky and cumbersome.
There must be a way to enable Openoffice to open remote files. I can't believe in 2009 Openoffice is not able to do this without jumping through hoops.
Having trouble handling JPEG-2000 files. Message says I need some plugin. I've checked in Synaptic and there are a couple of packages installed by default that mention JPEG 2000 but obviously I need something else. Any ideas?