Re: Solved? permissions, httpd with sftp chroot directory

2018-09-19 Thread Chris Bennett
On Wed, Sep 19, 2018 at 02:59:42PM -0700, Chris Bennett wrote: > OK, I think I have this right now > > Files in /etc/mtree show proper owner:group mode everywhere. > Files inside of httpd chroot have same as outside. > Added an sftp chroot directory inside of httpd chroot fo

Solved? permissions, httpd with sftp chroot directory

2018-09-19 Thread Chris Bennett
OK, I think I have this right now Files in /etc/mtree show proper owner:group mode everywhere. Files inside of httpd chroot have same as outside. Added an sftp chroot directory inside of httpd chroot for external user. Thus they can upload and download, but do the work elsewhere. Nologin. Right

Re: sftp chroot

2017-06-14 Thread Markus Rosjat
thanks for the info, the read only would be rw but it's at least worth looking at even if it's hackish :-P But I also figured, since I don't need a shell for these users I can simply force them in a sftp chroot somewhere else but this is something I have to refine more though on my testmachine I

Re: sftp chroot

2017-06-14 Thread Ville Valkonen
On 14 June 2017 at 11:33, Markus Rosjat wrote: > Hi there, > > I want to build an sftp environment where the user is chrooted to his home > dir. So far so good but then again the user might need access to a webserver > resource like /var/www/htdocs/some_dir > > As far as I

Re: sftp chroot

2017-06-14 Thread Todd
Have a look at the book https://www.michaelwlucas.com/tools/relayd Chapter 7 addresses this exact scenario On Wed, Jun 14, 2017 at 3:33 AM, Markus Rosjat wrote: > Hi there, > > I want to build an sftp environment where the user is chrooted to his home > dir. So far so good

Re: sftp chroot

2017-06-14 Thread Markus Rosjat
On 14.06.2017 at 16:31, Chris M wrote: Some hosts chroot users into a specific web dir because they have multiple vhosts on the same server, and they don't want all sftp or ssh users to be able to browse into other vhosts, even to look around. They might also want to give developers access to

Re: sftp chroot

2017-06-14 Thread Chris M
Some hosts chroot users into a specific web dir because they have multiple vhosts on the same server, and they don't want all sftp or ssh users to be able to browse into other vhosts, even to look around. They might also want to give developers access to specific subdirs without seeing the entire

Re: sftp chroot

2017-06-14 Thread Predrag Punosevac
Markus Rosjat wrote: > On 14.06.2017 at 13:42, Jiri B wrote: > > On Wed, Jun 14, 2017 at 01:09:47PM +0200, Solène Rapenne wrote: > >> On 2017-06-14 13:02, Bryan Harris wrote: > >>> On Linux I have mounted another fs inside the user's home folder (it > is > >>> mounted twice). I don't know if

Re: sftp chroot

2017-06-14 Thread Chris M
You could do it like this: Say you have /www/sites/, make a subdir /files/html, and another for /html which is a symlink to files/html: /www/sites/www.somedomain.com /www/sites/www.somedomain.com/files/html /www/sites/www.somedomain.com/html -> files/html Mount /www/sites/www.somedomain.com to

Re: sftp chroot

2017-06-14 Thread Markus Rosjat
On 14.06.2017 at 15:53, Markus Rosjat wrote: On 14.06.2017 at 13:42, Jiri B wrote: On Wed, Jun 14, 2017 at 01:09:47PM +0200, Solène Rapenne wrote: On 2017-06-14 13:02, Bryan Harris wrote: On Linux I have mounted another fs inside the user's home folder (it is mounted twice). I don't

Re: sftp chroot

2017-06-14 Thread Markus Rosjat
On 14.06.2017 at 13:42, Jiri B wrote: On Wed, Jun 14, 2017 at 01:09:47PM +0200, Solène Rapenne wrote: On 2017-06-14 13:02, Bryan Harris wrote: On Linux I have mounted another fs inside the user's home folder (it is mounted twice). I don't know if OpenBSD has that feature. This is not

Re: sftp chroot

2017-06-14 Thread Jiri B
On Wed, Jun 14, 2017 at 01:09:47PM +0200, Solène Rapenne wrote: > On 2017-06-14 13:02, Bryan Harris wrote: > >On Linux I have mounted another fs inside the user's home folder (it is > >mounted twice). I don't know if OpenBSD has that feature. > > > > This is not possible on OpenBSD, mount will

Re: sftp chroot

2017-06-14 Thread Solène Rapenne
On 2017-06-14 13:02, Bryan Harris wrote: On Linux I have mounted another fs inside the user's home folder (it is mounted twice). I don't know if OpenBSD has that feature. This is not possible on OpenBSD, mount will tell "device is busy". On Linux you should use mount --bind to bind a

Re: sftp chroot

2017-06-14 Thread Bryan Harris
On Linux I have mounted another fs inside the user's home folder (it is mounted twice). I don't know if OpenBSD has that feature. On Wed, Jun 14, 2017 at 6:38 AM, Ville Valkonen wrote: > Hi, > > one option is to use local nfs mounts. That's what I've done. > > -- >

Re: sftp chroot

2017-06-14 Thread Ville Valkonen
Hi, one option is to use local nfs mounts. That's what I've done. -- Regards, Ville On Jun 14, 2017 11:34 AM, "Markus Rosjat" wrote: Hi there, I want to build an sftp environment where the user is chrooted to his home dir. So far so good but then again the user might need

Re: sftp chroot

2017-06-14 Thread Solène Rapenne
On 2017-06-14 10:33, Markus Rosjat wrote: Hi there, I want to build an sftp environment where the user is chrooted to his home dir. So far so good but then again the user might need access to a webserver resource like /var/www/htdocs/some_dir As far as I understand a symlink doesn't work in

sftp chroot

2017-06-14 Thread Markus Rosjat
Hi there, I want to build an sftp environment where the user is chrooted to his home dir. So far so good but then again the user might need access to a webserver resource like /var/www/htdocs/some_dir As far as I understand a symlink doesn't work in the chroot setup and I'm not quite sure how

sftp chroot doesn't pass the login

2010-05-30 Thread Jean-Francois
Hi, I am using sftp server with a chroot with following lines in sshd configuration file. The same works for my actual server in 4.4 OpenBSD but I just freshly installed a 4.7 one and on it the sftp login fails (it works without chroot). Match group web ChrootDirectory /var/www/htdocs

Re: sftp chroot doesn't pass the login

2010-05-30 Thread Bret S. Lambert
On Sun, May 30, 2010 at 05:22:22PM +0200, Jean-Francois wrote: Hi, I am using sftp server with a chroot with following lines in sshd configuration file. The same works for my actual server in 4.4 OpenBSD but I just freshly installed a 4.7 one and on it the sftp login fails (it works

Re: sftp chroot doesn't pass the login

2010-05-30 Thread Jean-Francois
On Sunday 30 May 2010 17:39:36, Bret S. Lambert wrote: On Sun, May 30, 2010 at 05:22:22PM +0200, Jean-Francois wrote: Hi, I am using sftp server with a chroot with following lines in sshd configuration file. The same works for my actual server in 4.4 OpenBSD but I just freshly

Re: sftp chroot ?

2009-02-24 Thread Stuart Henderson
On 2009-02-23, Michael W. Lucas mwlu...@blackhelicopters.org wrote: On Mon, Feb 23, 2009 at 07:33:23PM +0100, Jean-Francois wrote: Hello, If I understand this will chroot any user. Am I correct ? - Is root chrooted as well ? Don't scp or SSH in as root. Use a regular account and sudo, or

Re: sftp chroot ?

2009-02-24 Thread Olivier Cherrier
On Mon, Feb 23, 2009 at 07:33:23PM +0100, jfsimon1...@gmail.com wrote: If I understand this will chroot any user. Am I correct ? - Is root chrooted as well ? - Is it possible to chroot only some users ? What man page is not clear? -- Olivier Cherrier

Re: sftp chroot ?

2009-02-24 Thread Cezary Morga
On Monday, 23 February 2009, Nigel J. Taylor wrote: ChrootDirectory %h Subsystem sftp internal-sftp Match group wheel ChrootDirectory none Or the other way around. Subsystem sftp internal-sftp Match User john paul ChrootDirectory /chroot/%u -- Regards, Cezary Morga

Re: sftp chroot ?

2009-02-24 Thread Beto
Hi Jean-Francois Attach a little example, hope that helps The user archivos only have access to /var/www/domains/home/archivos/public_html $ cat /etc/ssh/sshd_config Port 22 Protocol 2 SyslogFacility AUTH LogLevel INFO PermitRootLogin no Subsystem sftp internal-sftp Match group chrootusers

sftp chroot ?

2009-02-23 Thread Jean-Francois
Hi All, As far as I understand, the sftp service is always running since it is the ssh daemon (maybe one can correct me if I'm wrong). Hence I need to chroot some users to specific directories. I prefer not to use vsftp at present time if this feature is available with sftp of OpenBSD. One can

Re: sftp chroot ?

2009-02-23 Thread Mike Erdely
at present time if this feature is available with sftp of OpenBSD. One can help me ? http://lmgtfy.com/?q=sftp+chroot+openbsd

Re: sftp chroot ?

2009-02-23 Thread Floor Terra
See sshd_config(5) and search for ChrootDirectory. Floor On Feb 23, 2009 6:24 PM, Jean-Francois jfsimon1...@gmail.com wrote: Hi All, As far as I understand, the sftp service is always running since it is the ssh daemon (maybe one can correct me if I'm wrong). Hence I need to chroot some users

Re: sftp chroot ?

2009-02-23 Thread Jean-Francois
Hello, If I understand this will chroot any user. Am I correct ? - Is root chrooted as well ? - Is it possible to chroot only some users ? I am afraid that if I do this then all users will be chrooted and I won't be able to turn this back since I will not have access to /etc. Line to be changed

Re: sftp chroot ?

2009-02-23 Thread patric conant
can correct me if I'm wrong). Hence I need to chroot some users to specific directories. I prefer not to use vsftp at present time if this feature is available with sftp of OpenBSD. One can help me ? http://lmgtfy.com/?q=sftp+chroot+openbsd -- /\ASCII Ribbon Campaign

Re: sftp chroot ?

2009-02-23 Thread Michael W. Lucas
On Mon, Feb 23, 2009 at 07:33:23PM +0100, Jean-Francois wrote: Hello, If I understand this will chroot any user. Am I correct ? - Is root chrooted as well ? Don't scp or SSH in as root. Use a regular account and sudo, or at least the root password. - Is it possible to chroot only some

Re: sftp chroot ?

2009-02-23 Thread Mike Erdely
On Mon, Feb 23, 2009 at 04:21:01PM -0500, Michael W. Lucas wrote: On Mon, Feb 23, 2009 at 07:33:23PM +0100, Jean-Francois wrote: - Is it possible to chroot only some users ? I don't believe so. You could look at scponly, it can chroot users. It's an add-on shell, not in ports, has not been

Re: sftp chroot ?

2009-02-23 Thread Nigel J. Taylor
Hi, You might try looking at Match in the sshd_config man pages, ChrootDirectory. Something like this in sshd_config, home directories must be root owned if chrooted. This is in OpenSSH v5.1, not sure when it was introduced. ChrootDirectory %h Subsystem sftp internal-sftp Match

Re: sftp chroot ?

2009-02-23 Thread Maxime DERCHE
On Mon, 23 Feb 2009 14:17:57 -0600 patric conant mirage.comput...@gmail.com wrote: That was the funniest thing I have ever seen. Funny, at least. :) -- Maxime DERCHE GnuPG public key ID : 0x9A85C4C0 (fingerprint : 0FDC 16AF 5A5B 1908 786C 2B85 2D3C C83E 9A85 C4C0)

Re: sftp chroot ?

2009-02-23 Thread Julien Cabillot
Hi, yes it's possible to chroot only some users, see match user in sshd_config On Mon, 23 Feb 2009 19:33:23 +0100, Jean-Francois jfsimon1...@gmail.com wrote: Hello, If I understand this will chroot any user. Am I correct ? - Is root chrooted as well ? - Is it possible to chroot only

Re: sftp chroot ?

2009-02-23 Thread Michael W. Lucas
On Mon, Feb 23, 2009 at 05:20:17PM -0500, Mike Erdely wrote: On Mon, Feb 23, 2009 at 04:21:01PM -0500, Michael W. Lucas wrote: On Mon, Feb 23, 2009 at 07:33:23PM +0100, Jean-Francois wrote: - Is it possible to chroot only some users ? I don't believe so. You could look at scponly, it

SSH, SFTP, chroot and no login shells

2005-08-16 Thread Dave Harrison
Hi all, I've been googling around for a couple of days now, and there is little consensus on how to solve the 'sftp no shell access' problem. I've found references to people that are using patched versions of OpenSSH (a solution I think begs for problems to occur) to facilitate chroot-ing users