Lock SFTP user into home dir in samba environment

Discussion in 'Server Operation' started by papaqube, Apr 29, 2006.

  1. papaqube

    papaqube New Member

    Hi Guys n girls

    I wonder if you can help me?

    I have set up a file server with SFTP access and I want to lock remote users from a local group named public-ftp into their home directory (/home/public). At the moment when I access the server from an sftp client, I can browse up to the root folder and into others.

    I have done a google and chroot jail seems to be an option, however it does not seem to be secure. Can anyone shed any light as to whether this is a viable option, the folder will only be used for file storage. Or if there is an alternative way. :confused:

    The /home/public is also a samba share in an environment where security = ADS and password server = ADS DC. There are no conflicts with this config at the moment, ADS domain users have read/write and local public-ftp have read only access.

    Many Thanks

    PQ :confused:
  2. falko

    falko Super Moderator Howtoforge Staff

  3. papaqube

    papaqube New Member

    Hi Falko

    Thanks for the pointers.

    As my Linux experience is limited (I am from a win 98 generation and point and click is all I know, although I have a willingness to learn), I thought the best way to approach setting up a chroot user is through your 'CHROOTED SSH HOWTO'.

    After doing so I have had little success in signing into sftp as the (chrooted) testuser:

    # sftp testuser@localhost
    Connecting to localhost...
    /etc/ssh/ssh_config line 41: Unsupported option "GSSAPIAuthentication"
    testuser@localhost's password:
    Request for subsystem 'sftp' failed on channel 0
    Couldn't read packet: Connection reset by peer

    However, I can sign on to sftp as a non-chroot user. Do you know if there is any way to diagnose, or if others have had success with this howto on Fedora 4?

    Many Thanks, PQ

    PS Great site, I am finding a library of knowledge in learning all about Linux and its community.
  4. falko

    falko Super Moderator Howtoforge Staff

    Unfortunately I don't know if this tutorial works for SFTP as my focus was on chrooted SSH...
  5. papaqube

    papaqube New Member

    Hi Falko

    No problem. Thanks a lot for your help anyway. I will endeavour to motor on.
