On Wed, Sep 19, 2018 at 02:59:42PM -0700, Chris Bennett wrote:
> OK, I think I have this right now
>
> Files in /etc/mtree show proper owner:group mode everywhere.
> Files inside of httpd chroot have same as outside.
> Added an sftp chroot directory inside of httpd chroot fo
OK, I think I have this right now
Files in /etc/mtree show proper owner:group mode everywhere.
Files inside of httpd chroot have same as outside.
Added an sftp chroot directory inside of httpd chroot for external user.
Thus they can upload and download, but do the work elsewhere. Nologin.
Right
thanks for the info, the read only would be rw but it's at least worth
looking at even if it's hackish :-P
But I also figured, since I don't need a shell for these users I can
simply force them in a sftp chroot somewhere else but this is something I
have to refine more though
on my testmach
On 14 June 2017 at 11:33, Markus Rosjat wrote:
> Hi there,
>
> I want to build an sftp environment where the user is chrooted to his home
> dir. So far so good but then again the user might need access to a webserver
> resource like /var/www/htdocs/some_dir
>
> As far as I understand a symlink doe
Have a look at the book https://www.michaelwlucas.com/tools/relayd
Chapter 7 addresses this exact scenario
On Wed, Jun 14, 2017 at 3:33 AM, Markus Rosjat wrote:
> Hi there,
>
> I want to build an sftp environment where the user is chrooted to his home
> dir. So far so good but then again the u
On 14.06.2017 at 16:31, Chris M wrote:
Some hosts chroot users into a specific web dir because they have multiple
vhosts on the same server, and they don't want all sftp or ssh users to be
able to browse into other vhosts, even to look around. They might also want
to give developers access to spe
Some hosts chroot users into a specific web dir because they have multiple
vhosts on the same server, and they don't want all sftp or ssh users to be
able to browse into other vhosts, even to look around. They might also want
to give developers access to specific subdirs without seeing the entire
vh
Markus Rosjat wrote:
> On 14.06.2017 at 13:42, Jiri B wrote:
> > On Wed, Jun 14, 2017 at 01:09:47PM +0200, Solne Rapenne wrote:
> >> On 2017-06-14 13:02, Bryan Harris wrote:
> >>> On Linux I have mounted another fs inside the user's home folder (it is
> >>> mounted twice). I don't know if Op
You could do it like this:
Say you have /www/sites/, make a subdir /files/html, and another for
/html which is a symlink to files/html:
/www/sites/www.somedomain.com
/www/sites/www.somedomain.com/files/html
/www/sites/www.somedomain.com/html -> files/html
Mount /www/sites/www.somedomain.com to /
On 14.06.2017 at 15:53, Markus Rosjat wrote:
On 14.06.2017 at 13:42, Jiri B wrote:
On Wed, Jun 14, 2017 at 01:09:47PM +0200, Solne Rapenne wrote:
On 2017-06-14 13:02, Bryan Harris wrote:
On Linux I have mounted another fs inside the user's home folder (it is
mounted twice). I don't kn
On 14.06.2017 at 13:42, Jiri B wrote:
On Wed, Jun 14, 2017 at 01:09:47PM +0200, Solne Rapenne wrote:
On 2017-06-14 13:02, Bryan Harris wrote:
On Linux I have mounted another fs inside the user's home folder (it is
mounted twice). I don't know if OpenBSD has that feature.
This is not po
On Wed, Jun 14, 2017 at 01:09:47PM +0200, Solne Rapenne wrote:
> On 2017-06-14 13:02, Bryan Harris wrote:
> >On Linux I have mounted another fs inside the user's home folder (it is
> >mounted twice). I don't know if OpenBSD has that feature.
> >
>
> This is not possible on OpenBSD, mount will t
On 2017-06-14 13:02, Bryan Harris wrote:
On Linux I have mounted another fs inside the user's home folder (it is
mounted twice). I don't know if OpenBSD has that feature.
This is not possible on OpenBSD, mount will tell "device is busy".
On Linux you should use mount --bind to bind a folde
On Linux I have mounted another fs inside the user's home folder (it is
mounted twice). I don't know if OpenBSD has that feature.
On Wed, Jun 14, 2017 at 6:38 AM, Ville Valkonen
wrote:
> Hi,
>
> one option is to use local nfs mounts. That's what I've done.
>
> --
> Regards,
> Ville
>
>
> On Jun
Hi,
one option is to use local nfs mounts. That's what I've done.
--
Regards,
Ville
On Jun 14, 2017 11:34 AM, "Markus Rosjat" wrote:
Hi there,
I want to build an sftp environment where the user is chrooted to his home
dir. So far so good but then again the user might need access to a
webserv
On 2017-06-14 10:33, Markus Rosjat wrote:
Hi there,
I want to build an sftp environment where the user is chrooted to his
home dir. So far so good but then again the user might need access to
a webserver resource like /var/www/htdocs/some_dir
As far as I understand a symlink doesn't work in th
Hi there,
I want to build an sftp environment where the user is chrooted to his
home dir. So far so good but then again the user might need access to a
webserver resource like /var/www/htdocs/some_dir
As far as I understand a symlink doesn't work in the chroot setup and I'm
not quite sure how
On Sunday 30 May 2010 17:39:36, Bret S. Lambert wrote:
> On Sun, May 30, 2010 at 05:22:22PM +0200, Jean-Francois wrote:
> > Hi,
> >
> > I am using sftp server with a chroot with following lines in sshd
> > configuration file. The same works for my actual server in 4.4 OpenBSD
> > but I just fr
On Sun, May 30, 2010 at 05:22:22PM +0200, Jean-Francois wrote:
> Hi,
>
> I am using sftp server with a chroot with following lines in sshd
> configuration
> file. The same works for my actual server in 4.4 OpenBSD but I just freshly
> installed a 4.7 one and on it the sftp login fails (it works
Hi,
I am using sftp server with a chroot with following lines in sshd configuration
file. The same works for my actual server in 4.4 OpenBSD but I just freshly
installed a 4.7 one and on it the sftp login fails (it works without chroot).
Match group web
ChrootDirectory /var/www/htdocs
Hi Jean-Francois
Attached is a little example, hope that helps
The user archivos only has access to /var/www/domains/home/archivos/public_html
$ cat /etc/ssh/sshd_config
Port 22
Protocol 2
SyslogFacility AUTH
LogLevel INFO
PermitRootLogin no
Subsystem sftp internal-sftp
Match group chrootusers
On Monday, 23 February 2009, Nigel J. Taylor wrote:
> ChrootDirectory %h
>
> Subsystem sftp internal-sftp
>
> Match group wheel
> ChrootDirectory none
Or the other way around.
Subsystem sftp internal-sftp
Match User john paul
ChrootDirectory /chroot/%u
--
Regards,
Cezary Mo
On Mon, Feb 23, 2009 at 07:33:23PM +0100, jfsimon1...@gmail.com wrote:
> If I understand this will chroot any user. Am I correct ?
> - Is root chrooted as well ?
> - Is it possible to chroot only some users ?
What man page is not clear?
--
Olivier Cherrier
On 2009-02-23, Michael W. Lucas wrote:
> On Mon, Feb 23, 2009 at 07:33:23PM +0100, Jean-Francois wrote:
>> Hello,
>>
>> If I understand this will chroot any user. Am I correct ?
>> - Is root chrooted as well ?
>
> Don't scp or SSH in as root. Use a regular account and sudo, or at
> least the roo
On Mon, Feb 23, 2009 at 05:20:17PM -0500, Mike Erdely wrote:
> On Mon, Feb 23, 2009 at 04:21:01PM -0500, Michael W. Lucas wrote:
> > On Mon, Feb 23, 2009 at 07:33:23PM +0100, Jean-Francois wrote:
> > > - Is it possible to chroot only some users ?
> >
> > I don't believe so. You could look at scpo
Hi,
yes it's possible to chroot only some users,
see match user in sshd_config
On Mon, 23 Feb 2009 19:33:23 +0100,
Jean-Francois wrote:
> Hello,
>
> If I understand this will chroot any user. Am I correct ?
> - Is root chrooted as well ?
> - Is it possible to chroot only some users ?
>
> I
On Mon, 23 Feb 2009 14:17:57 -0600
patric conant wrote:
> That was the funniest thing I have ever seen.
Funny, at least. :)
--
Maxime DERCHE
GnuPG public key ID : 0x9A85C4C0
(fingerprint : 0FDC 16AF 5A5B 1908 786C 2B85 2D3C C83E 9A85 C4C0)
http://www.mouet-mouet.net/maxime/blog/index.php
Hi,
You might try looking at Match in the sshd_config man pages, ChrootDirectory.
Something like this in sshd_config, home directories must be root owned if
chrooted. This is in Openssh v5.1, not sure when it was introduced.
ChrootDirectory %h
Subsystem sftp internal-sftp
Match grou
On Mon, Feb 23, 2009 at 04:21:01PM -0500, Michael W. Lucas wrote:
> On Mon, Feb 23, 2009 at 07:33:23PM +0100, Jean-Francois wrote:
> > - Is it possible to chroot only some users ?
>
> I don't believe so. You could look at scponly, it can chroot users.
> It's an add-on shell, not in ports, has not
On Mon, Feb 23, 2009 at 07:33:23PM +0100, Jean-Francois wrote:
> Hello,
>
> If I understand this will chroot any user. Am I correct ?
> - Is root chrooted as well ?
Don't scp or SSH in as root. Use a regular account and sudo, or at
least the root password.
> - Is it possible to chroot only some
e ssh daemon (maybe one can correct me if I'm wrong).
> > Hence I need to chroot some users to specific directories.
> > I prefer not to use vsftp at present time if this feature is available
> > with sftp of OpenBSD.
> >
> > One can help me ?
>
> http://lmgt
Hello,
If I understand this will chroot any user. Am I correct ?
- Is root chrooted as well ?
- Is it possible to chroot only some users ?
I am afraid that if I do this then all users will be chrooted and I
won't be able to turn this back since I will not have access to /etc.
Line to be changed
See sshd_config(5) and search for ChrootDirectory.
Floor
On Feb 23, 2009 6:24 PM, "Jean-Francois" wrote:
Hi All,
As far as I understand, the sftp service is always running since it is
the ssh daemon (maybe one can correct me if I'm wrong).
Hence I need to chroot some users to specific director
fer not to use vsftp at present time if this feature is available
> with sftp of OpenBSD.
>
> One can help me ?
http://lmgtfy.com/?q=sftp+chroot+openbsd
Hi All,
As far as I understand, the sftp service is always running since it is
the ssh daemon (maybe one can correct me if I'm wrong).
Hence I need to chroot some users to specific directories.
I prefer not to use vsftp at present time if this feature is available
with sftp of OpenBSD.
One can he
Hi all,
I've been googling around for a couple of days now, and there is little
consensus on how to solve the 'sftp & no shell access' problem. I've
found references to people that are using patched versions of OpenSSH (a
solution I think begs for problems to occur) to facilitate chroot-ing
users
36 matches