
I'm setting up an sftp server where clients will only have read-only access. They will log into their chroot directories, which is fine, but I need an admin account that can access/write to those directories.

    /var/www/hosts   <- admin chroot (root:root, 700)
    -- /domain1      <- client1 chroot (root:root, 700)
    -- /domain2      <- client2 chroot (root:root, 700)
    -- /domain3      <- client3 chroot (root:root, 700)

All the sftp users go to the correct spots after login, but the admin account can see the sub-directories but can't enter them and obviously can't write to them.

I've tried setting ACL permissions for the sub-directories, which gives the admin account write access; this works but breaks clients' sftp access because sshd reports a fatal error about incorrect chroot ownership/permissions and aborts the logins.

What can I do to solve my issue?

1 Answer


OK, so I changed the permissions to 755 for all directories, created a "data" directory within each domain, set its permissions to root:admsftp 775, and modified my sshd_config to include

    ForceCommand internal-sftp -d /data

So now, when the client connects, they are forced into the data directory, still read-only. Sure, they can go up a directory, but all they can do from there is go back into the "data" directory.

Not ideal but does what I need.
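Added example (not part of the question or the answer above): a Python check that mirrors the ChrootDirectory rule documented in sshd_config(5), namely that every component of the chroot path must be a root-owned directory that is not writable by group or other. The function name and the `required_uid` parameter are assumptions for illustration. Only the chroot path itself is checked, which is why a 775 "data" directory below the chroot is acceptable while group write on the chroot is not.

```python
import os
import stat
import sys


def chroot_path_problems(path, required_uid=0):
    """List (component, reason) pairs that violate the ChrootDirectory rule.

    required_uid is an assumption added so the check can be exercised
    without root; sshd itself requires uid 0.
    """
    path = os.path.abspath(path)
    components = [os.sep]
    for part in filter(None, path.split(os.sep)):
        components.append(os.path.join(components[-1], part))

    problems = []
    for comp in components:
        try:
            st = os.stat(comp)  # follows symlinks
        except OSError as exc:
            problems.append((comp, "cannot stat: " + exc.strerror))
            break
        if not stat.S_ISDIR(st.st_mode):
            problems.append((comp, "not a directory"))
            break
        if st.st_uid != required_uid:
            problems.append((comp, "owned by uid %d" % st.st_uid))
        # With a POSIX ACL present, the group bits shown here are the ACL
        # mask, so a write-granting ACL entry also trips this test.
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append((comp, "group/other writable (mode %o)"
                             % stat.S_IMODE(st.st_mode)))
    return problems


if __name__ == "__main__":
    # Chroot paths to check are passed on the command line.
    status = 0
    for target in sys.argv[1:]:
        for comp, reason in chroot_path_problems(target):
            print("%s: %s: %s" % (target, comp, reason))
            status = 1
    sys.exit(status)
```

Run it as root against each client chroot after any permission or ACL change; a non-zero exit status means at least one path component fails the rule.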
