Thursday, February 3, 2011

sFTP access issues on Ubuntu

I've set up sFTP access on an Ubuntu 9.10 Karmic server but I'm having what I think are permission issues.

With the sFTP account I've created it logs in automatically to:

/srv/www/domain.com/

However, I'm only actually able to upload to:

/srv/www/domain.com/public_html

This is not workable as I need to create directories etc. parallel to public_html. I appreciate this is something I've probably done wrong as it's patched together from a few help files.

I followed these instructions to create a group for sFTP access, I then created a user and then mod'ed their home directory using:

usermod -d /srv/www/domain.com newuser

Let me know if there's any other information you need to troubleshoot this.

OUTPUT OF COMMANDS

> ls -al /srv/www/domain.com/ | grep public_html
drwxr-xr-x 2 newuser newuser 4096 2010-08-24 12:38 public_html

> ls -al /srv/www/ | grep domain.com
drwxr-xr-x 5 root root 4096 2010-08-24 12:21 domain.com

> groups newuser
newuser : newuser filetransfer

> ls -ld /srv/www/domain.com/
drwxr-xr-x 5 root root 4096 2010-08-24 12:21 /srv/www/domain.com/
  • The home directory is unlikely to be the issue here, if you can see the directory you want to write to, just can't write to it.

    What is the output of the following commands:
    ls -al /srv/www/domain.com/ | grep public_html (if there's a better way to do that please say so)
    groups newuser

    seengee : please see above
    James Lawrie : Sorry I misread the question, the permissions for public_html look fine but you can upload there so that's to be expected :) Try this instead (sorry for the mistake): `ls -al /srv/www/ | grep domain.com`
    seengee : added above, I tried chown'ing the domain.com dir to newuser:newuser but then the sFTP stopped working completely
    James Lawrie : I want to recommend a facl here but as they don't come with Ubuntu by default and require remounting it's probably more trouble than it's worth. Try: `chgrp filetransfer /srv/www/domain.com` `chmod 775 /srv/www/domain.com`
    seengee : @James - doesn't work I'm afraid
  • You are using the ChrootDirectory directive of OpenSSH.

    This will only work if the home directory of the respective user is owned by root:root and is not world or global writable (ie. has the permission mask 0755 but not 0770). sshd will issue a warning in your auth.log (or the destination of syslog facility AUTH) otherwise.

    seengee : this is where I got a bit confused, the user has a directory inside `home` (/home/newuser) and has also been assigned the site directory using `usermod -d /srv/www/domain.com newuser` - is there something specific I can check?
    joschi : The user has exactly one home directory, namely `/srv/www/domain.com`. `/home/newuser` was probably created by `useradd` when you first created the user. In the setup you've described, `/srv/www/domain.com` needs to be owned by `root:root` and must not be writable by the user. You'll have to create the needed subdirectories in `/srv/www/domain.com` yourself and `chown` them to `newuser`.
    seengee : haha, I assumed I would have issues with all sub-dirs but I didn't! thanks
    From joschi
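
The ownership rule from the answer above can be checked before touching sshd. This is an added example, not code from the thread or from OpenSSH; it goes slightly beyond the answer by checking every parent directory as well, since sshd_config(5) applies the same rule to all components of the ChrootDirectory path. The function names are hypothetical and GNU `stat` (as shipped on Ubuntu) is assumed.

```shell
#!/bin/sh
# Added example, not from the thread: audit a ChrootDirectory path.

# chroot_component_ok OWNER_UID OCTAL_MODE
# Succeeds when the directory is owned by root (uid 0) and carries neither
# the group-write nor the other-write bit (octal 022).
chroot_component_ok() {
    [ "$1" = "0" ] || return 1
    [ $(( 0$2 & 022 )) -eq 0 ]
}

# audit_chroot_path ABSOLUTE_DIR
# Checks the directory and every parent up to /. Returns 0 if all pass,
# 1 if any component fails, 2 on a usage or stat error.
audit_chroot_path() {
    case $1 in
        /*) path=$1 ;;
        *)  echo "absolute path required" >&2; return 2 ;;
    esac
    rc=0
    while :; do
        # GNU stat: %u = owner uid, %a = octal permission bits
        uid=$(stat -c %u "$path") || return 2
        mode=$(stat -c %a "$path") || return 2
        if chroot_component_ok "$uid" "$mode"; then
            echo "ok    uid=$uid mode=$mode $path"
        else
            echo "FAIL  uid=$uid mode=$mode $path"
            rc=1
        fi
        if [ "$path" = "/" ]; then break; fi
        path=$(dirname "$path")
    done
    return $rc
}

# Usage with the directory from the question (after sourcing this file):
#   audit_chroot_path /srv/www/domain.com
```

A `FAIL` line on the chroot directory itself corresponds to the two attempts in the thread that broke or did not fix the login: `chown newuser:newuser` (owner is no longer root) and `chmod 775` (group-writable).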
