Re: sftp chroot

Wed, 14 Jun 2017 12:08:32 -0700

thanks for the info, the read only would be rw but it's at least worth looking at even its hackish :-P
But I also figured, since I dont need a shell for these users I can simply force them in a sftp chroot somewere else but this is something I have to refine more though 

on my testmachine I have a kinda weird setup right now:

 - normal system user with home in /home/username

 - forced in a chroot with sshd_config somewere in 
/var/www/htdocs/chrootdir



I have to wait an see if this is a solution to go with but then again as 
long as it does what it is supose to do I'm okay with it.



So lets wait for the crybabies to complain about all the things they 
can't do without asking for permission first.


Regards

MArkus


Am 14.06.2017 um 20:53 schrieb Ville Valkonen:

On 14 June 2017 at 11:33, Markus Rosjat <ros...@ghweb.de> wrote:

Hi there,

I want to build an sftp environment where the user is chrooted to his home
dir. So far so good but then again the user might need access to a webserver
resource like /var/www/htdocs/some_dir

As far as I understand a symlink doesnt work in the chroot setup and Im not
quiet sure how to achieve this.

I could simply make /var/www/htdocs/some_dir the home dir of the user but Im
not sure if this is the recommended way.

so once again adivce  is helpful :)

regards

--
Markus Rosjat    fon: +49 351 8107223    mail: ros...@ghweb.de

G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden

http://www.ghweb.de
fon: +49 351 8107220   fax: +49 351 8107227

Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before you
print it, think about your responsibility and commitment to the ENVIRONMENT



Hi,

here's the NFS solution you were after:
$ grep 127.0.0.1 /etc/exports
/home/store/music -ro -mapall=extuser1 127.0.0.1
/home/store/not_sorted -ro -mapall=extuser1 127.0.0.1

and chroot /home/$user as usual. Now the extuser1 has an read only
access to certain shares.

Hackish? Definitely. Use at your own risk.

--
Regards,
Ville



--
Markus Rosjat    fon: +49 351 8107223    mail: ros...@ghweb.de

G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden

http://www.ghweb.de
fon: +49 351 8107220   fax: +49 351 8107227


Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before 
you print it, think about your responsibility and commitment to the 
ENVIRONMENT

























					Reply via email to