Re: chroot and access to directory OTHER than user's home directory.....



In the last episode (Feb 09), Jon Price said:
> I need to allow multiple users (users connecting from different machines)
> access to a box so they can all drop (via sftp) files in a common drop
> area, say /Whatever/Drop. If I use OpenSSH with chroot and a single
> account "dropaccount", then all users can access that account via sftp
> given the appropriate setup (sshd_config, public keys and such). The
> /Whatever/Drop directory is owned by a different account name. That can't
> change.
>
> How can I allow these users to access the /Whatever/Drop directory?

Chroot the users to a common sftp root instead of their home directory
("/usr/sftpusers/" for example). You will have to tell them to cd to
"/myusername" to write to their private directory, or "/Drop" to upload to
the common dropbox directory.

Another solution might be to leave everyone chrooted in their home
directories, create a /Drop directory in everyone's home dir, and have a
cron job that runs every 5 minutes or so that moves files in
/usr/sftpusers/*/Drop/ that are older than 5 minutes into your other dropbox
directory, where you can process them at your leisure. This won't work if
they are supposed to be able to download files that other users have
uploaded, though.


--
Dan Nelson
dnelson@xxxxxxxxxxxxxxx
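
The cron-based sweep suggested in the reply above, written out as an added example that is not part of the original thread. The function name `sweep_drops`, the `user.filename` naming in the destination and the script path in the comment are assumptions; `/usr/sftpusers`, `/Whatever/Drop` and the 5-minute age come from the messages.

```shell
#!/bin/sh
# Added example, not from the original post.
# Hypothetical cron entry: */5 * * * * /usr/local/sbin/sweep-drops.sh /usr/sftpusers /Whatever/Drop

# Inner mover, run by find with: user, dest, then the matched file paths.
MOVE_ONE='
user=$1; dest=$2; shift 2
for f in "$@"; do
    # Prefix with the uploader so two users cannot overwrite each other.
    target=$dest/$user.$(basename -- "$f")
    if [ -e "$target" ] || [ -L "$target" ]; then
        echo "skip (name taken): $f" >&2
        continue
    fi
    mv -- "$f" "$target"
done'

sweep_drops() {
    sftp_root=$1; dest=$2; min_age=${3:-5}
    for dropdir in "$sftp_root"/*/Drop; do
        # Only accept a real directory, never a symlink named Drop.
        [ -d "$dropdir" ] && [ ! -L "$dropdir" ] || continue
        user=$(basename -- "$(dirname -- "$dropdir")")
        # -type f ignores symlinks, devices and subdirectories;
        # -mmin +N skips files modified recently (possibly still uploading).
        find "$dropdir" -maxdepth 1 -type f -mmin "+$min_age" \
            -exec sh -c "$MOVE_ONE" sh "$user" "$dest" {} +
    done
}

# Run only when called with arguments, e.g.:
#   sweep-drops.sh /usr/sftpusers /Whatever/Drop
if [ "$#" -ge 2 ]; then
    sweep_drops "$@"
fi
```

The job needs to run as an account that can read each user's Drop directory and write to the destination. If the two are on different filesystems, `mv` copies rather than renames, so whatever processes the destination should tolerate a file that is still arriving.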


