2025-01-18 Update From: SLTechnology News&Howtos
This article explains how to set the permissions for users to access a directory through SFTP in Linux, so that a user who logs in over SFTP can only reach a specific directory.
1. Check the OpenSSH version. To restrict SFTP users to a specific directory, the version must be higher than 4.8.
[root@localhost ftp]# rpm -qa | grep openssh
openssh-server-5.3p1-81.el6_3.x86_64
openssh-5.3p1-81.el6_3.x86_64
openssh-clients-5.3p1-81.el6_3.x86_64
2. Add a new user whose access is restricted to SFTP.
The code is as follows:
[root@localhost ftp]# useradd -m -d /opt/ftp/dave -s /sbin/nologin dave
3. Restrict the user to the home directory when logging in through SFTP by modifying the /etc/ssh/sshd_config file.
The code is as follows:
[root@localhost ftp]# vim /etc/ssh/sshd_config
#Subsystem sftp /usr/libexec/openssh/sftp-server
Subsystem sftp internal-sftp
Match User dave
    ChrootDirectory /opt/ftp/dave
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp
Restart the ssh service.
4. Test access.
The code is as follows:
root@10.1.1.200:test# sftp -oPort=22 dave@10.1.6.175
Connecting to 10.1.6.175...
dave@10.1.6.175's password:
Read from remote host 10.1.6.175: Connection reset by peer
Couldn't read packet: Connection reset by peer
The connection fails, so check the log.
The code is as follows:
[root@localhost ftp]# tail /var/log/messages
Jan 6 11:41:41 localhost sshd[4907]: fatal: bad ownership or modes for chroot directory "/opt/ftp/dave"
Jan 6 11:41:41 localhost sshd[4905]: pam_unix(sshd:session): session closed for user dave
Solution:
There are two rules to follow when setting the directory permissions:
The directory set by ChrootDirectory and all of its parent directories must have root as both owner and group.
For the directory set by ChrootDirectory and all of its parent directories, only the owner may have write permission, so the most permissive mode allowed is 755.
If these two rules are not followed, then even if the directory belongs to only one user, all SFTP users may be affected.
The code is as follows:
[root@localhost ftp]# ll
total 4
drwxr-xr-x 3 dave dave 4096 Jan 5 13:06 dave
[root@localhost ftp]# chown root:root dave
[root@localhost ftp]# chmod 755 dave
[root@localhost ftp]# ll
total 4
drwxr-xr-x 3 root root 4096 Jan 5 13:06 dave
Then test again; this time the login succeeds.
The code is as follows:
root@10.1.1.200:test# sftp -oPort=22 dave@10.1.6.175
Connecting to 10.1.6.175...
dave@10.1.6.175's password:
sftp> ls
test
sftp> cd ..
sftp> ls
test
sftp> cd test
sftp> ls
1.txt
sftp> get 1.txt
Fetching /test/1.txt to 1.txt
/test/1.txt
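The two ownership and mode rules from the Solution step can be checked for the whole path before restarting sshd. The script below is an added example, not part of the original article; the function names component_ok and check_chroot_path are made up for illustration, and it assumes GNU stat and a path without symlinks.

```shell
#!/bin/sh
# Added example: audit a ChrootDirectory path against the article's two rules.
# Assumes GNU stat (Linux) and a path that contains no symlinks.

# component_ok UID GID MODE: succeed only if owner and group are root (id 0)
# and neither group nor others hold the write bit (mode no wider than 755).
component_ok() {
    [ "$1" -eq 0 ] && [ "$2" -eq 0 ] && [ $(( 0$3 & 022 )) -eq 0 ]
}

# check_chroot_path DIR: test DIR and every parent directory up to /.
# Returns 0 if all components pass, 1 if any fails, 2 on a usage or stat error.
check_chroot_path() {
    dir=$1
    rc=0
    case $dir in
        /*) ;;
        *) echo "path must be absolute: $dir" >&2; return 2 ;;
    esac
    while :; do
        meta=$(stat -c '%u %g %a' "$dir") || return 2
        set -- $meta    # $1=uid $2=gid $3=octal mode
        if component_ok "$1" "$2" "$3"; then
            printf 'ok    %s\n' "$dir"
        else
            printf 'FAIL  %s (uid=%s gid=%s mode=%s)\n' "$dir" "$1" "$2" "$3"
            rc=1
        fi
        if [ "$dir" = / ]; then break; fi
        dir=$(dirname "$dir")
    done
    return $rc
}

# Run the audit only when a path is given, e.g.: sh check.sh /opt/ftp/dave
if [ $# -gt 0 ]; then
    check_chroot_path "$1"
fi
```

Any FAIL line marks a directory to fix with chown root:root and chmod 755, as in the Solution step.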