SFTP access and user permissions after locking down SSH

Hello,

Just got started with Linode yesterday and things have been going smoothly so far (despite my somewhat noobness to Linux). I set up a LAMP stack on Ubuntu with no problems, at which point I was able to use Transmit to SFTP as a root user.

However, then I went through the process of "locking down" my SSH and setting up a firewall with iptables (with help from http://articles.slicehost.com/2007/11/6/ubuntu-gutsy-setup-page-1 and http://library.linode.com/security/basics/#lockdownssh). So now I am logging into SFTP with my username but can only edit files in my directory. I know I can use SSH and sudo to get root access through Terminal. But sometimes I'd rather use SFTP for some of the changes I'm making, and not be limited to just my user directory.

What are my options to increase permissions for my user? At the very least I'd like to have access and permissions to change the files in my other user directories, i.e. make changes to the public_html folders in each of my websites so I don't need to keep logging in as a different user.

I also have webmin installed if that helps w/ users and groups.

Thanks for the help!

Vince

4 Replies

After doing some more digging, looks like pure-ftpd could be a good option for me. i.e. http://old.linode.com/forums/viewtopic.php?t=6021

Anyone agree or have a better suggestion?

Thanks,

Vince

Fugu (a Mac GUI for SCP), root, use cert not password (your ssh config should NOT allow root logins by password).

Thanks vonskippy. I tried Fugu and I cannot log in with root since I turned off root login for security reasons. I created a new user with a cert, not password, that I want to use as my primary user but it is locked out of all directories except for its own user directory. I want this user to be able to modify all public_html directories for my various websites. I'll be using Panic's Transmit and Coda software for web development, which supports SFTP.

Do I just need to change permissions on the directories I want to be able to modify? What is the proper way to do this?

Thanks,

Vince

Well, if you want to be able to use SFTP or SCP and copy files to ANY directory, you pretty much have to use 'root'.

Otherwise you have to SFTP/SCP the files to the user's home directory, then ssh in, then sudo up to root, then copy the files, then change the file permissions.

Personally, I set

PermitRootLogin without-password
ChallengeResponseAuthentication no

Gen the certs

And set my FileZilla SFTP client or WinSCP client to log in as 'root' with the correct cert.

Just remember to change the ownership/rights as needed.

Of course I'm old school (scientific unix), and don't have the vast fear of using a root account that you young Ubuntu fellows seem to have.

YMMV
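An added example, not part of any post in this thread: a small check that reads an sshd_config and reports whether root can still authenticate with a password under settings like the two quoted in the last reply. The function names, sample file names and result labels are assumptions made for illustration; only global settings are read, and `Match` blocks are not evaluated.

```shell
#!/bin/sh
# Added example (not from the thread): report how root may log in under an
# sshd_config. Reads global settings only; sshd keeps the first value it sees.

# first_value FILE KEYWORD [ALIAS]: first global value of KEYWORD, lowercased
first_value() {
    awk -v a="$2" -v b="${3:-$2}" '
        BEGIN { a = tolower(a); b = tolower(b) }
        /^[ \t]*#/ { next }                      # comment line
        { sub(/[=]/, " ") }                      # "Key=value" form is accepted
        NF == 0 { next }
        tolower($1) == "match" { exit }          # Match blocks are out of scope
        tolower($1) == a || tolower($1) == b { print tolower($2); exit }
    ' "$1"
}

root_login_mode() {
    prl=$(first_value "$1" PermitRootLogin)
    pw=$(first_value "$1" PasswordAuthentication)
    kbd=$(first_value "$1" ChallengeResponseAuthentication KbdInteractiveAuthentication)
    case "$prl" in
        no) echo root-disabled ;;
        without-password|prohibit-password) echo root-no-password ;;
        forced-commands-only) echo root-forced-command-keys ;;
        yes)  # upstream default for both password-style methods is "yes"
            if [ "${pw:-yes}" = no ] && [ "${kbd:-yes}" = no ]; then
                echo root-no-password
            else
                echo root-password-allowed
            fi ;;
        "") echo unset-depends-on-version ;;     # default differs by OpenSSH version
        *) echo "unknown:$prl" ;;
    esac
}

# Constructed sample configs (assumed file names, not from the thread).
write_samples() {
    printf '%s\n' '# as in the reply' 'PermitRootLogin without-password' \
        'ChallengeResponseAuthentication no' > "$1/reply.conf"
    printf '%s\n' 'permitrootlogin yes' 'PasswordAuthentication no' \
        > "$1/half.conf"
    printf '%s\n' 'PermitRootLogin no' 'PermitRootLogin yes' > "$1/locked.conf"
}

tmp=$(mktemp -d)
write_samples "$tmp"
for f in reply half locked; do
    printf '%s: %s\n' "$f" "$(root_login_mode "$tmp/$f.conf")"
done
rm -rf "$tmp"
```

The `half` sample shows the case worth catching: `PasswordAuthentication no` alone still leaves keyboard-interactive authentication available to root when `PermitRootLogin` is `yes`.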
