Admin user for linux based SFTP Server
I am able to successfully set up an SFTP user group and SFTP users using the below script on an AWS EC2 instance. While I was able to restrict SFTP users in the sftp_users group from accessing one another's directories and their contents, I now need to be able to create an admin SFTP user who can access and browse through all the contents for all SFTP folders and move stuff around. Is this possible? Like I have stated, my requirement would be to create individual SFTP users with access to ONLY their individual folders and to create an admin / super user who can access all the users' SFTP folders via SFTP. It is okay if the admin user has access to the whole file system along with the SFTP users' folders. I tried researching online with my limited Linux skills in this context, but could not arrive at anything.
echo "`date` Creating SFTP directory...."
mkdir -p /data/sftp
echo "`date` updating sshd_config"
sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/' /etc/ssh/sshd_config
echo 'Match Group sftp_users' >> /etc/ssh/sshd_config
echo 'ChrootDirectory /data/sftp' >> /etc/ssh/sshd_config
echo 'ForceCommand internal-sftp' >> /etc/ssh/sshd_config
echo "`date` Set permissions to 701 for all folders on the efs mount"
chmod -R 701 /data
echo "`date` Set owner to root:root for all folders on the efs mount"
chown -R root:root /data
echo "`date` adding sftp_users group"
groupadd sftp_users
echo "`date` restarting sshd"
systemctl restart sshd
###### Below is my user creation script that I eventually use to create individual SFTP users ######
echo "`date` creating /usr/local/sbin/create_sftp_user.sh"
# The single quotes keep $1 and $USER_NAME literal so they expand when the generated script runs; echo -e turns \n into newlines.
echo -e '#!/bin/bash\n\nUSER_NAME=$1\nuseradd -g sftp_users -d /$USER_NAME -s /sbin/nologin $USER_NAME\n' > /usr/local/sbin/create_sftp_user.sh
echo -e 'passwd $USER_NAME\nmkdir -p /data/sftp/$USER_NAME\n' >> /usr/local/sbin/create_sftp_user.sh
echo -e 'chown $USER_NAME:sftp_users /data/sftp/$USER_NAME\n' >> /usr/local/sbin/create_sftp_user.sh
echo -e 'chmod 700 /data/sftp/$USER_NAME\n' >> /usr/local/sbin/create_sftp_user.sh
chmod +x /usr/local/sbin/create_sftp_user.sh
linux ssh permissions sftp
asked 9 mins ago
Satya
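Added example, not part of the original post: a check of the layout the scripts above build, worth running before and after any change made to let an admin account in. It assumes GNU `stat`, the `/data/sftp` chroot from the question, and one directory per user directly under it; `audit_sftp_tree` and its arguments are names made up for this example.

```shell
#!/bin/sh
# Added example: audit the chroot layout created by the question's scripts.
# audit_sftp_tree CHROOT [OWNER_UID] [STOP_DIR]
#   CHROOT     the ChrootDirectory, e.g. /data/sftp
#   OWNER_UID  uid expected to own the chroot path (default 0 = root)
#   STOP_DIR   ancestor at which the upward walk stops (default /, not itself checked)
# Prints one line per finding; exit status is the number of findings.
audit_sftp_tree() (
    chroot=$1 owner=${2:-0} stop=${3:-/} findings=0
    # sshd refuses a ChrootDirectory unless every component of the path is
    # owned by root and not writable by group or others.
    path=$chroot
    while [ "$path" != "$stop" ] && [ "$path" != "/" ] && [ "$path" != "." ]; do
        mode=$(stat -c '%a' "$path")
        uid=$(stat -c '%u' "$path")
        if [ "$uid" != "$owner" ]; then
            echo "FINDING: $path owned by uid $uid, expected $owner"
            findings=$((findings + 1))
        fi
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "FINDING: $path mode $mode is group/other writable"
            findings=$((findings + 1))
        fi
        path=$(dirname "$path")
    done
    # Per-user directories are created with mode 700. Any group or other bit
    # opens the directory to other accounts sharing the chroot, because all
    # of them are in sftp_users and see the same /data/sftp.
    for dir in "$chroot"/*/; do
        [ -d "$dir" ] || continue
        dir=${dir%/}
        mode=$(stat -c '%a' "$dir")
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "FINDING: $dir mode $mode grants group/other access"
            findings=$((findings + 1))
        fi
    done
    exit "$findings"
)
```

On the server itself, run `audit_sftp_tree /data/sftp` as root; a clean tree prints nothing and returns 0.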