Koozali.org: home of the SME Server
Obsolete Releases => SME Server 7.x => Topic started by: confiarus on September 22, 2009, 08:58:47 PM
-
I'm running SME 7.4. I've enabled RSSH to allow users to use SFTP to access their user folders using WinSCP. This works great, however, the users are able to traverse to the root and to the ibays. As well, I've set the "chroot" to the user's "home" folder in the user's remote setup.
Is there a way to restrict, or, "jail" users into their own "home" folder while logged into the server? I've read other posts on this subject, but, haven't seen any solutions. Any help would be greatly appreciated.
-
Hi,
Googling a bit, I've found this (http://www.cyberciti.biz/tips/rhel-centos-linux-install-configure-rssh-shell.html) page; I think you'll find it useful.
If you get it working, please share it as a howto, thank you.
-
Stefano,
Thanks for the link. I will try to see if those instructions work. I'm a novice at Linux scripting and command line instructions, but, will give it a shot.
-
confiarus
I think you want
yum install --enablerepo=smecontribs smeserver-remoteuseraccess
Then configure with server manager panel
-
Mary, thanks for the reply; however, that is the first thing I did. It will restrict each user's access to another user's account; however, it does not restrict each user from having access to the root files while using their SFTP client software.
-
confiarus
I think you want
yum install --enablerepo=smecontribs smeserver-remoteuseraccess
Then configure with server manager panel
This contrib will restrict users only with FTP.
IIRC, in the latest versions of OpenSSH (5.x) there's a config directive to chroot users.
-
Stefano, thanks for the reply. I tried upgrading OpenSSH to ver. 5 per http://help.webquarry.com/blogtest/2009/05/29/packaging-openssh-5-on-centos-47/. However, it failed at: "rpmbuild -bb openssh.spec".
I also tried the link you sent me earlier. Here's what I found:
1. I skipped to step 2 of the instruction because, when I did the yum install of remoteaccess, that installed RSSH because the rssh.conf file exists in the /etc directory.
2. Going through step 2, I found that even though creating the new users worked, the new users did not show up in the user list in the server-manager GUI.
3. I continued on anyway. However, continuing on in step 3 the command "cp -avr /etc/ld.so.cache.d/ ." failed because the file didn't exist in /etc.
At this point I stopped.
My guess is that it would not be smart to continue without all required files being where they should be. Any ideas on this?
-
Mary, thanks for the reply however, that is the first thing I did. It will restrict each user access to another user's account, however, it does not restrict each user to have access to the root files while using their SFTP client software.
I have two users using that contrib, and while they can traverse the directory structure from WinSCP, they cannot access any files other than those they have permissions for. They cannot list the content of other users folders at all. I have not found any way to "jail" the user to their home directory though.
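-
An added example, not part of the thread or of any SME Server contrib: the OpenSSH directive mentioned above is `ChrootDirectory`, and sshd only accepts a chroot target when every directory from / down to it is owned by root and not writable by group or others. This pre-flight check reports the components that would make sshd refuse the jail; the function name is hypothetical and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example: pre-flight check for an sshd ChrootDirectory target.
# A user's own home normally fails this check because the user owns it;
# the usual layout is a root-owned jail with a user-writable subdirectory.

# chroot_path_problems DIR   (hypothetical helper name)
# Prints one line per offending path component.
# Returns 0 when the whole path is acceptable, 1 otherwise.
chroot_path_problems() {
    # Resolve symlinks so the real directories are the ones inspected.
    dir=$(cd "$1" 2>/dev/null && pwd -P) || {
        echo "$1: not a directory"
        return 1
    }
    rc=0
    while :; do
        # GNU stat: %u = owner uid, %a = permission bits in octal
        set -- $(stat -c '%u %a' "$dir")
        uid=$1
        mode=$2
        if [ "$uid" -ne 0 ]; then
            echo "$dir: owned by uid $uid, not root"
            rc=1
        fi
        # 022 = group-write and other-write bits
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "$dir: mode $mode is group/world writable"
            rc=1
        fi
        if [ "$dir" = / ]; then
            break
        fi
        dir=$(dirname "$dir")
    done
    return $rc
}

# Stand-alone use: sh check.sh /path/to/jail
if [ "$#" -gt 0 ]; then
    chroot_path_problems "$1"
fi
```

Run it as root against the directory you intend to name in `ChrootDirectory` before restarting sshd; an empty output with exit status 0 means the ownership and mode rules are met.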