Problems with SFTP
but something's just not working.
First of all I was getting this error:
"Directive 'UsePAM' is not allowed within a Match block" after trying to execute "/etc/init.d/ssh restart".
I found the solution with putting the Match block at the very end of the config file.
Second, this guide doesn't tell that I need to create a user and how, so I found that here http://library.linode.com/LikRHS
My problem now is this:
when I try to execute the last line of code:
chown username:username *
I get this error:
chown: invalid group: `username:username'
I need to make it so that a user that I created can go only to /srv/www/example.com
Please help, I'm stuck with this for 2 days now…
10 Replies
chown username:group *
should be, and not username:username *.
This way, I can log in to the site with SFTP, in the right place /srv/www/example.com, BUT user can see all files on the server.
How can I fix that last thing, so that user can see only his files in /srv/www/example.com ?
@AndrijaM:
Well, I'm trying to provide SFTP access for another user, I'm following this guide
http://library.linode.com/security/sftp-jails/ but something's just not working.
That's what I'm referring to, but I can't get it to work. Anybody else, anything?
@AndrijaM:
Thanks, but
:)
@AndrijaM:
Well, I'm trying to provide SFTP access for another user, I'm following this guide
http://library.linode.com/security/sftp-jails/ but something's just not working.
That's what I'm referring to, but I can't get it to work. Anybody else, anything?
Yes, sorry.
I've just tried that setup and it worked for me. I think your jail is not working at all.
Is /var/www/example.com HOME directory for that username? You can check it executing "env" from console with the username rights, and you will see one line "HOME=/your/home/path".
That HOME should be /var/www/example.com. If it isn't, you can edit your user with "usermod -d /var/www/example.com username".
@drpks:
Is /var/www/example.com HOME directory for that username? You can check it executing "env" from console with the username rights, and you will see one line "HOME=/your/home/path".
Can you tell me exactly what should I type for env command, what is the correct syntax?
If I type env username
I get no such file or directory
@drpks:
That HOME should be /var/www/example.com. If it isn't, you can edit your user with "usermod -d /var/www/example.com username".
When I try usermod -d /var/www/example.com username
I get usermod: no changes, I guess that means that's fine.
As I said, I'm able to login, but the user can see everything else on the server, he can browse to the top, he can't write anywhere else but in his directory example.com, but I need also that he can not see anything else but his own site.
You have to be logged in to a console as "john" and type the "env" command. "env" shows the user's environment variables. Alternatively, you can type "echo $HOME". It should return "HOME=/var/www/example.com"
If it isn't, you must change it with "usermod -d /var/www/example.com john"(run as root).
I think you have set up in your SCP/FTP client the remote path to /var/www/example.com… that's why you can login.
have to say this manual
And also, there is one big mistake, well I don't know if it's a mistake, but it did not work for me:
the last line of code in manual:
*
is not working for me, I had to change it like this:
and after that all works fine, user can log into his site-directory, and can not see other stuff on server.
@drpks
thanks
Though using something like user:group would be more generic, and still applicable to Debian/Ubuntu (perhaps with a comment that the default group is typically the same as the user).
– David
I was thinking why is this command not working, and I tried username:usergroup and it worked, but I lost about a week on all this…
I will submit a comment there in the manual with link to this thread, I'm sure someone will need this sooner or later
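
The "Directive 'UsePAM' is not allowed within a Match block" error from the start of this thread can be caught before restarting sshd. The script below is an added example, not part of the thread or the Linode guide: it reports global-only directives that appear after a Match line. The keyword list is a partial selection assumed for illustration, and the sample config (including the group name filetransfer) is constructed.

```shell
#!/bin/sh
# check_match_order FILE: print "line:keyword" for each global-only keyword
# that appears while a Match block is still open; exit 1 if any is found.
check_match_order() {
    awk '
    BEGIN {
        # Partial list (assumption of this example) of keywords that sshd
        # rejects inside a Match block; extend it from sshd_config(5).
        n = split("usepam port listenaddress hostkey", g, " ")
        for (i = 1; i <= n; i++) global[g[i]] = 1
    }
    /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
    {
        kw = tolower($1)
        if (kw == "match") {
            # "Match all" applies to every connection, so directives
            # after it are treated as global again
            in_match = !(NF == 2 && tolower($2) == "all")
            next
        }
        if (in_match && (kw in global)) { printf "%d:%s\n", NR, $1; bad = 1 }
    }
    END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample: a Match block followed by a global directive.
sample_config() {
    cat <<'EOF'
Port 22
Subsystem sftp internal-sftp
Match Group filetransfer
    ChrootDirectory %h
    ForceCommand internal-sftp
UsePAM yes
EOF
}

tmp=$(mktemp)
sample_config > "$tmp"
check_match_order "$tmp" || echo "move the lines above ahead of the first Match"
rm -f "$tmp"
```

Once the script reports nothing, running "sshd -t" as root checks the real file with sshd's own parser.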