Dear All,
I am currently using centos 5.5. My problem is for eg.I have user Adam. So when Adam logs in via SSH/SFTP I want to limit his view on the server folder meaning he can only see a certain limited folders. Any good tutorial for a newbie like me. I have google and some are talking on chroot, openssh etc I am very confuse and lost.
newbie14 0 Posting Pro
rch1231 169 Posting Shark
Hello,
This should help it is from O'Reily's Linix security Handbook.
Recipe 5.10 Sharing Files Using Groups
5.10.1 Problem
Two or more users want to share files, both with write privileges.
5.10.2 Solution
Create a group containing only those users, say, smith, jones, and ling:
/etc/group:
friends:x:200:smith,jones,ling
Create the shared file in a directory writable by this group:
jones$ cd
jones$ mkdir share
jones$ chmod 2770 share
jones$ chgrp friends share
jones$ ls -ld share
drwxrws--- 2 jones friends 4096 Apr 18 20:17 share/
jones$ cd share
jones$ touch myfile
jones$ chmod 660 myfile
jones$ ls -l myfile
-rw-rw---- 1 jones friends 0 Apr 18 20:18 myfile
Users smith and ling can now enter the directory and modify jones's file:
smith$ cd ~jones/share
smith$ emacs myfile
5.10.3 Discussion
smith, jones, and ling should consider setting their umasks so files they create are group writable, e.g.:
$ umask 007
$ touch newfile
$ ls -l newfile
-rw-rw---- 1 smith 0 Jul 17 23:09 newfile
The setgid bit on the directory (indicated by mode 2000 for chmod, or "s" in the output from ls -l) means that newly created files in the directory will be assigned the group of the directory. The applies to newly created subdirectories as well.
To enable this behavior for an entire filesystem, use the grpid mount option. This option can appear on the command line:
# mount -o grpid ...
or in /etc/fstab:
/dev/hdd3 /home ext2 rw,grpid 1 2
5.10.4 See Also
group(5), chmod(1), chgrp(1), umask(1).
newbie14 0 Posting Pro
Dear RCH,
But with this settings they can still traverse around other folder by just using cd .. command to view other system files etc. I want to totally limit them to a number of folder very strictly nothing else they can view or write or do anything.
rch1231 169 Posting Shark
Linux permissions are more restive than Windows. And you can turn off the ability to change directories in FTP and HTTP in linux settings. vsftpd is one of the secure ftp daemons for Linux and there is a setting in the vsftpd.conf file to turn off the cd command. Do a
man vsftpd
newbie14 0 Posting Pro
Dear Rch,
I have edited my sshd_config files as below.
Subsystem sftp internal-sftp
Match Group sftponly
ChrootDirectory %h
ForceCommand internal-sftp
AllowTcpForwarding no
Match
and I got this errors
Starting sshd: /etc/ssh/sshd_config: line 121: Bad configuration option: Match
/etc/ssh/sshd_config: line 123: Bad configuration option: ForceCommand
/etc/ssh/sshd_config: line 125: Bad configuration option: Match
/etc/ssh/sshd_config: terminating, 3 bad configuration options
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.