What:
Linux - Red Hat 6, CentOS 6
Problem:
2 chrooted users need to share documents via sftp server
Solution:
Edit /etc/ssh/sshd_config
Find "Subsystem" line and comment it out
#Subsystem sftp /usr/libexec/openssh/sftp-server
Add the following
Subsystem sftp internal-sftp
Match group - means that settings will apply to users in group sftponly
Match Group sftponly
X11Forwarding no
AllowTcpForwarding no
ChrootDirectory /home/%u/sftp_jail
ForceCommand internal-sftp -u 002
ChrootDirectory - sets the user's root directory
ForceCommand - allows only sftp connections; the umask makes sure that correct permissions are set for new files and directories
Add sftponly group
groupadd sftponly
Add user with main group set to sftponly
useradd test -g sftponly -s /bin/false
Set correct permissions on directories
mkdir -p /home/test/sftp_jail/shared
Add another user called test2 as per steps above & set permissions.
chown root:sftponly /home/test /home/test/sftp_jail /home/test/sftp_jail/shared
chmod 750 /home/test /home/test/sftp_jail
chmod 775 /home/test/sftp_jail/shared
Bind mount shared directory
mount --bind /home/test/sftp_jail/shared /home/test2/sftp_jail/shared
Add it to /etc/fstab
/home/test/sftp_jail/shared /home/test2/sftp_jail/shared none bind 0 0
Restart ssh daemon
service sshd restart
P.S. Don't forget to configure SELinux
You might also consider using vsftpd, which also supports ftps and is quite easy to set up.
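Added example, not part of the original post: sshd only accepts a ChrootDirectory whose every path component is owned by root and not writable by group or others, so this check walks the jail path and can be run before restarting sshd. The function names and the optional UID and stop-directory arguments are assumptions made for the example.

```shell
#!/bin/sh
# Pre-flight check for the ChrootDirectory set up above (added example).
# The jail itself (750, root-owned) must pass; the group-writable shared
# directory (775) is only acceptable because it sits below the chroot.

# component_ok DIR [UID]: succeeds if DIR is a directory owned by UID
# (default 0, root) with no group/other write bit.
# Uses GNU stat, as shipped on Red Hat / CentOS.
component_ok() {
    c_dir=$1
    c_uid=${2:-0}
    [ -d "$c_dir" ] || return 1
    [ "$(stat -c %u "$c_dir")" = "$c_uid" ] || return 1
    c_mode=$(stat -c %a "$c_dir")
    # 022 = write bits for group and others; the leading 0 makes it octal
    [ $(( 0$c_mode & 022 )) -eq 0 ]
}

# chroot_path_ok PATH [UID] [STOP]: checks PATH and each parent directory
# up to and including STOP (default /). PATH must be absolute.
# UID and STOP are hypothetical knobs so the check can be exercised without
# root; for a real sshd check leave both at their defaults.
chroot_path_ok() {
    p_dir=$1
    p_uid=${2:-0}
    p_stop=${3:-/}
    while :; do
        if ! component_ok "$p_dir" "$p_uid"; then
            echo "bad ownership or mode: $p_dir" >&2
            return 1
        fi
        [ "$p_dir" = "$p_stop" ] && return 0
        [ "$p_dir" = "/" ] && return 0
        p_dir=$(dirname "$p_dir")
    done
}

# Usage on the server from this post (run as root):
#   chroot_path_ok /home/test/sftp_jail  && echo "test jail OK"
#   chroot_path_ok /home/test2/sftp_jail && echo "test2 jail OK"
```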