Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 29th April 2006, 01:32
papaqube papaqube is offline
Junior Member
 
Join Date: Feb 2006
Location: Manchester, UK
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
Default Lock SFTP user into home dir in samba environment

Hi Guys n girls

I wonder if you can help me?

I have set up a file server with SFTP access and I want to lock remote users from a local group named public-ftp into there home directory (/home/public). At the moment when i access the server from sftp client, i can browse up to the root folder and into others.

I have done a google and chroot jail seems to be an option, however it does not seem to be secure. Can anyone shed any light as to whether this is a viable option, the folder will only be used fro file storage. Or if there is an alternative way.

The /home/public is also a samba share in an environment where sercurity = ADS and password server = ADS DC. There are no conflicts with this config at the moment, ADS domain users have read/write and local public-ftp have read only access.

Many Thanks

PQ
Reply With Quote
Sponsored Links
  #2  
Old 29th April 2006, 13:48
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,743 Times in 2,577 Posts
Default

It seems you must patch OpenSSH to chroot SFTP users:
http://mail.incredimail.com/howto/op...root.howto.txt
http://archives.neohapsis.com/archiv...5-08/1236.html
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 2nd May 2006, 02:23
papaqube papaqube is offline
Junior Member
 
Join Date: Feb 2006
Location: Manchester, UK
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Hi Falko

Thanks for the pointers.

As my linux experience is limited (I am from a win 98 generation and point and click is all i no, altho i have a willingness to learn), i thought the best way to approach setting up a chroot user is through your 'CHROOTED SSH HOWTO'.

After doing so i have had little success in signing into sftp as the (chrooted) testuser:

# sftp testuser@localhost
Connecting to localhost...
/etc/ssh/ssh_config line 41: Unsupported option "GSSAPIAuthentication"
testuser@localhost's password:
Request for subsystem 'sftp' failed on channel 0
Couldn't read packet: Connection reset by peer

However i can sign on to sftp as non-chroot user. Do you no if there is any way diagnose, or if others have had success with this how on Fedora 4.


Many Thanks, PQ

PS Great site, i am finding a library of knowledge in learning all about linux and its community.
Reply With Quote
  #4  
Old 2nd May 2006, 15:21
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,743 Times in 2,577 Posts
Default

Quote:
Originally Posted by papaqube
However i can sign on to sftp as non-chroot user. Do you no if there is any way diagnose, or if others have had success with this how on Fedora 4.
Unfortunately I don't know if this tutorial works for SFTP as my focus was on chrooted SSH...
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #5  
Old 2nd May 2006, 20:42
papaqube papaqube is offline
Junior Member
 
Join Date: Feb 2006
Location: Manchester, UK
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
 
Default

Hi Faklo

No problem. Thanks alot for your help anyway. I will endevour to motor on.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Statistic not working mzo Installation/Configuration 49 20th April 2011 12:19
Roaming Profile Error with Samba Domain Controller Setup singe Installation/Configuration 1 14th April 2007 07:47
problem on home directory of a user krishol Installation/Configuration 1 25th April 2006 15:41
Samba root user log in linds HOWTO-Related Questions 5 2nd March 2006 17:34


All times are GMT +2. The time now is 08:25.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.