Calgarypuck Forums - The Unofficial Calgary Flames Fan Community

Old 09-08-2008, 08:37 PM   #1
photon
The new goggles also do nothing.
 
Join Date: Oct 2001
Location: Calgary
Any smart linux ppl? How to setup a ID in a specific way.

I want to create an ID (that part is easy) on an Ubuntu system that has SFTP read/write access to one directory only.. and not their own home directory, preferably a directory that another group owns. Basically the SFTP only user can have access to upload files to a directory that become part of a website, but only for that one directory.

Doesn't seem as easy as I thought as I'm finding articles on how to jail a user and stuff, but I'm not comfortable with the kinds of things they're describing.

Is there a fairly easy way to do this?

TIA
__________________
Uncertainty is an uncomfortable position.
But certainty is an absurd one.
Old 09-08-2008, 11:22 PM   #2
gottabekd
Powerplay Quarterback
 
Join Date: Mar 2006

I'm no expert, but I can poke around. I think a chroot jail is about the best option here. Usually sftp software will have some docs about setting up such a jail.

I can't think of any other way to do it (right).

I've used http://vsftpd.beasts.org/ and it was pretty easy to get going for a simple config.
Old 09-09-2008, 10:17 AM   #3
photon
The new goggles also do nothing.
 
Join Date: Oct 2001
Location: Calgary

Ok, I'll try and figure out something like that, have to figure out what software is providing sftp services first
Old 09-09-2008, 12:50 PM   #4
llama64
First Line Centre
 
Join Date: Nov 2006
Location: /dev/null

Quote:
Originally Posted by photon
Ok, I'll try and figure out something like that, have to figure out what software is providing sftp services first

It's probably "vsftpd" that's controlling it.

If the sftp daemon simply uses the OS to handle users, create a new user that has access only to the directory you want. I usually do this through group management and permissions.

Hope that helps a bit.
Old 09-09-2008, 07:07 PM   #5
photon
The new goggles also do nothing.
 
Join Date: Oct 2001
Location: Calgary

I did that, but the downside is that the user still has all the "other" permissions, i.e. when the new user navigates the web folder to the directory they're going to they can view the files in those directories (specifically the config.php type files with database passwords).

So I'd like to jail the user to one specific directory.

vsftpd mentions something called virtual users, that might be what I'm looking for (a user not really in the OS, but one that has access to just one directory).

I'll have some time to actually work on it later tonight, I might post again then.
photon is offline   Reply With Quote
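
Added example, not part of any post in this thread: a check of the path rules OpenSSH enforces on `ChrootDirectory` when jailing an SFTP-only user to one directory, plus the matching `sshd_config` stanza. It assumes the SFTP service is OpenSSH's sshd, which the thread does not confirm; the paths, the `uploader` account, uid 33 and the in-memory file table are constructed for illustration.

```python
import os
import stat
from types import SimpleNamespace

def audit_chroot(path, stat_fn=os.stat):
    """List the reasons sshd would reject `path` as a ChrootDirectory."""
    problems = []
    current = os.sep
    # sshd checks every component from / down to the jail itself.
    for comp in [""] + [p for p in os.path.abspath(path).split(os.sep) if p]:
        current = os.path.join(current, comp)
        st = stat_fn(current)
        if not stat.S_ISDIR(st.st_mode):
            problems.append(f"{current}: not a directory")
        if st.st_uid != 0:
            problems.append(f"{current}: owned by uid {st.st_uid}, not root")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            mode = stat.S_IMODE(st.st_mode)
            problems.append(f"{current}: group/other writable ({mode:04o})")
    return problems

def match_block(user, chroot):
    """sshd_config stanza: SFTP only, rooted at `chroot`, no shell or forwarding."""
    return "\n".join([
        f"Match User {user}",
        f"    ChrootDirectory {chroot}",
        "    ForceCommand internal-sftp",
        "    AllowTcpForwarding no",
        "    X11Forwarding no",
    ])

# Constructed layout: path -> (owner uid, mode). uid 33 stands in for the
# web server account that owns the site tree (an assumption, not from the thread).
FAKE_FS = {
    "/": (0, 0o755), "/srv": (0, 0o755), "/srv/www": (0, 0o755),
    "/srv/www/site": (33, 0o755), "/srv/www/site/uploads": (33, 0o775),
    "/srv/jail": (0, 0o755), "/srv/jail/uploader": (0, 0o755),
}

def fake_stat(path):
    uid, mode = FAKE_FS[path]
    return SimpleNamespace(st_uid=uid, st_mode=stat.S_IFDIR | mode)

if __name__ == "__main__":
    for candidate in ("/srv/www/site/uploads", "/srv/jail/uploader"):
        issues = audit_chroot(candidate, fake_stat)
        print(candidate, "->", issues or "ok")
        if not issues:
            print(match_block("uploader", candidate))
```

Because the jail root itself cannot be writable, the directory the user uploads into has to be a subdirectory inside the jail rather than the jail root.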