Sftp per users?

Discussion in 'System Administration' started by pamamolf, Aug 21, 2014.

  1. pamamolf

    Hi


    As we do not have FTP on Centminmod and we use SFTP, which is more secure, is it possible to add a user that can see only one folder, for example /backup/domain.com/?

    Thanks :)
     
  2. rdan

    Will be added soon ;)
     
  3. eva2000

  4. pamamolf

    Ok thanks :)
     
  5. Daniel J. Lewis

    @pamamolf, what was your solution for this?
     
  6. pamamolf

    At the moment vsftpd :)
     
  7. Daniel J. Lewis

    Does vsftpd work smarter than the built-in SFTP or Jailkit?

    The problem I had when trying to use Jailkit and other CentOS SFTP methods was unnecessary directory structures and visual access outside the directory.

    For example, I want a "media" user who has access to /home/media. They can't go any further up the chain and they don't have their own "user" folder inside of that folder.

    I couldn't seem to do this with CentOS or Jailkit. They all wanted to treat /home as the chroot and media as a user folder, but my test SFTP account could still browse up to my server root and open files (but not make changes).

    I'll look at vsftpd more closely.
     
  8. Inforit

    I am trying vsftpd; I need an account with access to just the public folder. I think it's set up correctly, but when logging in I keep getting

    Code:
    500 OOPS: cannot change directory:/home/nginx/domains/domain.com/public
    Any ideas?

    Thanks
     
  9. pamamolf

    After searching for days I found how to lock a user to a path, but no way to do it on:

    Code:
    /home/nginx/domains/domain.com/public
    No way, as I always got permission problems, and the user wants to be root and nginx needs nginx permissions...

    At the moment this works for me but, as I said before, not on the above path:

    Code:
    http://www.thegeekstuff.com/2012/03/chroot-sftp-setup/
    Check it, and if you find a way to do it in this path please post back :)

    Thanks
     
  10. Inforit

    Thanks @pamamolf, so you can't send to public then. I was going crazy trying! lol
     
  11. pamamolf

    I am not an expert but I was not able to do it... :(

    Maybe someone else can do it and post here and help us :)