Ubuntu Servers :: Allow Sftp / Ssh User Access To Only One Directory
Mar 20, 2011
i want to allow some friends to ssh/sftp/scp into my system but i only want them to have access to my external hard drive (/media/externalHD/), and i dont want them to be able to delete or add anything, only download.i have found instructions on how to limit a user to his/her home directory and thought about just creating a user with the home directory /media/externalHD but idk if this will work and im afraid i might make a mistake and delete 800gb of 'files'
I am using Mandriva 8 as my local server, i want to configure sftp sever by which particular user can access particular directory of our local server by using ftp client, can anyone tell me how can i do it?
I want to share files over the web with only a few people and limiting them to certain folders. I have been doing a remote access (ssh) to my server to access it from a pc on the local network. I later found out the same program doing ssh (open_ssh) was also doing sftp, great I could do both with one system account. Problem I couldn't find away to configure another user to go over the web with limited folder access without messing up my user to access the pc. I tried ftps by using vsftpd, I couldn't get chroot set up correctly or even log in. So my question is what program and/or protocol should I use to do secure ftp over the web?
I'm trying to make it so that when a user logs in they are forced to stay within a certain directory structure. For some reason what I am doing is not working properly.Here are the relevant file informations:sshd_config:
I am currently running Ubuntu Server 9.10 as an FTP server. It has become a necessity to allow users access via SSH terminal or sftp via WinSCP. I need to be able to monitor what users are doing at any given time and be able to pull up each users activity history. Essentially I need to be able to pinpoint who modified a file at what time. Also what is the best method to monitor things like nmap probes?
I'm developing an application in which one user must run java software that I'm compiling as another user. I wanted to give user A permission to see the bin direcory of my workspace, which is in the home directory of user B. I was wondering how can this be done? I gave the bin direcotry full read/execute premissions, but since it's in my home directory user A can't navigate to it.
I know there are a few ways I could get around the problem but they arn't very elegant. I was wondering if there is a simple method for giving a user access to a specific directory without giving access to all the parent directories. I tried symbolic link but user A still can't access it, and a hard link to a directory isn't allowed in Linux. I don't feel like making a hard link to every single file in the bin directory, and I'm not sure that would work anyways, since every recompile overwrites them.
I'm trying to jail a sftp user. All I want is for my daughter-in-law to be able to download pictures of my grandson on his step-uncle's motorcycle. But I don't want her browsing around. She's not a techie, but she's smart enough to catch on how WinSCP is looking at my files. I've set up the jail using jk_init, adding ssh, sftp, bash, netutils, basicshell, jk_lsh.
The physical root of the jail is owned by root, as are all the binaries loaded by the jk_init. The user's home directory is owned recursively by the user and is writable only by the owner. The passwd and group files are in the jailed /etc and populated by the user's lines. Shell is bash, and bash is there too. The error message must be coming from some other problem that's not notifying, but what?
I'm using Ubuntu x64 10.04 edition. How can I set only one particular directory (and it's contents) to be accessible to a user while make everything else inaccessible for him? I already added the user by using adduser command.
I have a Virtual Private Server which I can connect to using SSH with my root account, being able to execute any linux command and access all the disk area, obviously.
I would like to create another user account, which would be able to access this server using SSH too, but only to a certain directory, for example /var/www/example.com/
For example, imagine this user has a HUGE error.log file (500 MB) located in /var/www/example.com/logs/error.log
When accessing this file using FTP, this user needs to download 500 MB to view the last lines of the log, but I'd like him to be able to execute something like this:
Therefore I need him to be able to access the server using SSH, but I don't want to grant him access to all server areas.
I have a file server on my network. It is accessed mainly by linux machines throught NFS, but sometimes I need to access it from windows, and I managed to get Samba up and running with only one share with no password, which is what I want.My users have their "private" folders which are just chmodded 700, and under NFS it works fine, but on samba I get, of course, access denied.How can I configure samba so that it asks a password to access those directory? They can become separate shares, and have their own username and passwords (not the ones in /etc/passwd in the server), I don't care.
I configured FTP server on Fedora 7.0 . I create different users with different password. I also create seprate directory for each FTP user. All are working . When I use filezilla for connecting that FTP site I can access all the directory on that server.
Now I want to configure that no any FTP user can access other FTP users directory or any other directory in server machine . What I do for this .
I need to create an SSH user that can only access the directory I would specify for them. For example, I've been able to execute the following: useradd -d /home/me/directory_for_this_user someuser
So when someuser logs in they get into this directory. Problem is that once they log in they can simply execute: cd / and navigate through all other directories which is a security risk.
How I could limit someuser's access to only /home/me/directory_for_this_user and its subdirectories and nowhere else in the system?
I'm configuring Apache for the first time on this box (8.04 LTS) and Apache2 for the first time ever. "Out of the box" it runs fine and I get the "It Works" page okay. But I'd like to use the virtual site feature to direct Apache to a folder in my user space, and I keep getting errors.
When I point a browser at localhost, the 404 message is "The requested URL / was not found on this server." and the /var/log/apache2/error.log ends with "File does not exist: /htdocs.
Here's my config file from the apache2/sites-available folder:
Code:
I diff'ed this file with the default and the only differences are in the DocumentRoot line and the <Directory ...> line.
My public_html folder has permissions 755 and the index.html file is 644.
In my recent installations of Debian stable release (Jessie) with Gnome and Cinnamon respectively, I added my wife as a normal user. A home directory was created automatically for her.
In these installations, I am able to access her home directory, while, in the past, I was not allowed to access her home directory on previous Debian releases.
2 of us have been googling all morning trying to find out how we can restrict ftp logins to their own home directories only but nothing we've found so far has worked. We've tweaked sshd_config so that they default to their home directory but they are able to navigate up/across/down to everything. This is a "straight-out-of-the-box" debian 5.0.5 Netinst. Just a basic system with Apache/MySql/PHP/SSH and no desktop.
I need to give a user write access to /var/www and its subdirectories. The current directory permissions are as follows:rwx r-x r-x root root
I added the user to the root group but that didn't seem to help.I read I could chmod -R to change the access to write for the www directory and subdirectories but I don't want to change things and mess up the website. How can I give the user access to write to the www directory and subdirectories without messing anything up? Would changing the www directory group owner to his group cause an issue anywhere?
I have an ubuntu server set up in which i would like my shared media directory to be accessable with multiple usernames / passwords because I use my admisistrator username and password for samba as well, but I do not want to give out that password to all clients in my house. And, I would like to have write permissions but keep other users to read only. Is this possible or do i need to just make one separate username / password for samba sharing?
Is it possible to give user only FTP access / browsing rights for certain directory within /srv/www/htdocs and prevent same user to browse all other directories, even user's /home directory on that server?
I have added a new user by following command : root# useradd -u 100 -g 120 -d /product -s /bin/bash sandesh I am not able to access it in /export/home directory..?
I was having trouble getting php files to display properly on my ubuntu 10.10 LAMP setup. Everything was installed with defaults and working properly. testphp.php worked as long as it was in the sites parent directory, but any php files in user directories did not work. All browsers tried to download the php files located in /home/user/public_html instead. I tried to use the help documents here, [URL]..
Finally I was browsing around in the /etc/apache2/mods-available directory and looked at the php5.conf file. Here is the relevant information from the file:
Code:
# To re-enable php in user directories comment the following lines # (from <IfModule ...> to </IfModule>.) Do NOT set it to On as it # prevents .htaccess files from disabling it. # <IfModule mod_userdir.c> #Comment out this line
[Code]...
I tried to edit the help document linked above but it says not to do so! I couldn't find a reference for this fix anywhere else, so I decided to post it here.
Apache by defaults points to /var/www/eachdomain. I need to be able to give users ftp access to /var/www/specific domains.
It seems that if I change the owner of /var/www/specificdomains/ to the user in question, then www:data no longer owns the directory and Apache starts to have issues..
What's the best way to set this such that I can allow users to FTP into specific directories, and still have www:data own them? I'm currently using vsftp, but that can easily change.
I have FC10 newly installed, and Apache is serving content from /var/www/ okay.
I'm trying to get Apache to serve web content from user's home directories. This is what I've tried with no success:
Uncommented 'UserDir public_htm' in /etc/httpd/conf/httpd.conf and commented out 'UserDir disabled'.
And...
Uncommented user directory section in /etc/httpd/conf/httpd.conf. It now reads as follows: # # Control access to UserDir directories. The following is an example # for a site where these directories are restricted to read-only. #
[Code].....
I also tried setenforce 0 to temporarily disable SELinux until the next reboot. No luck. It doesn't appear to be an SELinux issue.
That's as far as the information available will take me. I still get URL 'Not Found' when I try to access http://192.168.0.2/~myusername/
I'm trying to restrict a particular ssh user to his home directory, I'm just giving him access so that he can ssh to another server that is only accessible from the former but restrict his movement so that he can't poke around the former.I already made some changes to sshd_config file and added the following line at the end:
Did some test, user joe can ssh to the server but unable to do anything aside from logging in, even a simple ls command will immediately close the putty session. I know I'm still missing something but don't really know what it is.I also tried this how to that uses rssh --> http://www.adamhawkins.net/2009/05/r...ured/#more-431 however when I login the session immediately closes.
Just installed lamp, I can access phpmyadmin mysql is set up and everything. When I try to view a directory [URL] I get an access denied error.
EDIT: I changed the permissions of the "folder" folder itself, I can access everything in that directory now but not any other folders in it. Do I really need to go through every folder every time and change the permissions?
I have Ubuntu server 11.04 (LAMP, SAMBA) installed with the ubuntu-desktop interface (I am not yet experienced enough to run without it).My problem is I am trying to share the www directory through samba so I can edit the site, but no matter what I do I get errors when I try and access the directory form the other machine.I did add it to the smb.conf file, and it does show up fine on teh network, however, when I try and open or change the contents of the directory it says I am unauthorized.I tried:
Code: sudo chown <sambausername> /var/www even tried
When I create folders in a PHP script fom my website, the folder is created but has owner "33". My ftp user have an other "Owner ID" than this. So I can't delete or edit the files that is created. I'm running Ubuntu 10.04 on a VPS server. ISPconfig3 proftpd I think I have LAMP (it was installed with a script from my hosting company).Also the safe_mode is off.
