Get the most out of your Centmin Mod LEMP stack
Become a Member

Sftp per users?

Discussion in 'System Administration' started by pamamolf, Aug 21, 2014.

  1. pamamolf

    pamamolf Well-Known Member

    2,819
    251
    83
    May 31, 2014
    Ratings:
    +445
    Local Time:
    9:21 AM
    Nginx-1.13.x
    MariaDB 10.1.x
    Hi

    As we do not have ftp on Centminmod and we use sftp that is more secure is it possible to add a user that can see only one folder for example /backup/domain.com/ ?

    Thanks :)
     
  2. RoldanLT

    RoldanLT Well-Known Member

    3,975
    965
    113
    May 25, 2014
    Phillipines
    Ratings:
    +1,329
    Local Time:
    3:21 PM
    1.11
    10.2
    Will be added soon ;)
     
  3. eva2000

    eva2000 Administrator Staff Member

    30,914
    6,909
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,405
    Local Time:
    5:21 PM
    Nginx 1.13.x
    MariaDB 5.5
  4. pamamolf

    pamamolf Well-Known Member

    2,819
    251
    83
    May 31, 2014
    Ratings:
    +445
    Local Time:
    9:21 AM
    Nginx-1.13.x
    MariaDB 10.1.x
    Ok thanks :)
     
  5. Daniel J. Lewis

    Daniel J. Lewis Award-winning podcaster and consultant

    77
    8
    8
    Oct 20, 2014
    Ratings:
    +11
    Local Time:
    2:21 AM
    1.8.0
    5.6
    @pamamolf, what was your solution for this?
     
  6. pamamolf

    pamamolf Well-Known Member

    2,819
    251
    83
    May 31, 2014
    Ratings:
    +445
    Local Time:
    9:21 AM
    Nginx-1.13.x
    MariaDB 10.1.x
    At the moment vsftpd :)
     
  7. Daniel J. Lewis

    Daniel J. Lewis Award-winning podcaster and consultant

    77
    8
    8
    Oct 20, 2014
    Ratings:
    +11
    Local Time:
    2:21 AM
    1.8.0
    5.6
    Does vsftpd work smarter than the built-in SFTP or Jailkit?

    The problem I had when trying to use Jailkit and other CentOS SFTP methods was unnecessary directory structures and visual access outside the directory.

    For example, I want a "media" user who has access to /home/media. They can't go any further up the chain and they don't have their own "user" folder inside of that folder.

    I couldn't seem to do this with CentOS or Jailkit. They all wanted to treat /home as the chroot and media as a user folder, but my test SFTP account could still browse up to my server root and open files (but not make changes).

    I'll look at vsftpd more closely.
     
  8. Inforit

    Inforit Premium Member Premium Member

    42
    13
    8
    Jul 30, 2014
    Ratings:
    +16
    Local Time:
    7:21 AM
    nginx/1.7.3
    MariaDB 5.5
    I am trying vsftpd need an account with just access to public folder, I think its setup correctly but when logging in I keep getting

    Code:
    500 OOPS: cannot change directory:/home/nginx/domains/domain.com/public
    any ideas?

    Thanks
     
  9. pamamolf

    pamamolf Well-Known Member

    2,819
    251
    83
    May 31, 2014
    Ratings:
    +445
    Local Time:
    9:21 AM
    Nginx-1.13.x
    MariaDB 10.1.x
    After searching for days i found how to lock a user on a path but no way to do it on the :

    Code:
    /home/nginx/domains/domain.com/public
    No way as i got always permissions problem and the user wants to be root and nginx needs nginx permissions...

    At the moment this work for me but as i say before not on the above path:

    Code:
    http://www.thegeekstuff.com/2012/03/chroot-sftp-setup/
    Check it and if you found a way to do it in this path please post back :)

    Thanks
     
    • Like Like x 1
  10. Inforit

    Inforit Premium Member Premium Member

    42
    13
    8
    Jul 30, 2014
    Ratings:
    +16
    Local Time:
    7:21 AM
    nginx/1.7.3
    MariaDB 5.5
    Thanks @pamamolf so you cant send to public then, was going crazy trying! lol
     
  11. pamamolf

    pamamolf Well-Known Member

    2,819
    251
    83
    May 31, 2014
    Ratings:
    +445
    Local Time:
    9:21 AM
    Nginx-1.13.x
    MariaDB 10.1.x
    I am not an expert but i was not able to do it... :(

    Maybe someone else can do it and post here and help us :)