Those who know what they are doing can change their permissions. A sound default permission on the home directory (e.g. PS: I cannot understand why many people insist on administratively prohibiting users from accessing each other's home directories.

In the edit window, you can see the granular permissions that get granted by the generic (read/write/modify, etc) you granted above. In the change permissions, highlight the user and select 'edit'.

You might also consider setting the umask for sftp: ForceCommand internal-sftp -u 0002

On the advanced settings menu, select 'change permissions' (may require UAC authentication).

The setgid on users' homes might be useful for your scripts (which run as www-data I assume). You just need to create some directories: for user in u29 u44 u52 u68 do find $home$home -type d -exec chmod 2770 +

A prime choice is /home/user/home/user to which sftp will go after logging in. Therefore you need to create a directory inside /home/user, which will be owned by the user. On the other hand you need user-writable directories, if you want users to delete files in their home directory.

After the chroot, sshd(8) changes the working directory to the user's home directory. All components of the pathname must be root-owned directories that are not writable by any other user or group. Specifies the pathname of a directory to chroot(2) to after authentication. As specified by the sshd_config manpage:

My users are set up like this: 29:x:1002:1001::/home/26:/bin/sh

Apart from the user naming problem, which should be corrected, but probably has no influence on your use case, your configuration must satisfy two incompatible constraints:

My sftp config from /etc/ssh/sshdconfig is: Match group sftp

The user/group for the folder is root:I created a group 'sftp' but again if I add the user to the sftp group, change the home directory to user:sftp they can't login. Any 'rm' command returns a permissions error - Couldn't delete file: Permission denied.
The users can login, retrieve the files, and are constrained to their own directories. We have an API that is writing files to their home directories. I have 10 users that should only have access to the files in their home directories and they should not be able to get out of their home directory. I've set up a simple SFTP server on Ubuntu 18.04.