How can I set up SFTP with chrooted groups?











up vote
1
down vote

favorite












How can I set up a working sftp server for multiple groups with a chrooted directory?










share|improve this question




















  • 1




    Please don't post answers in the question body. If you want to post a guide, ask a question and post your guide as an answer.
    – terdon
    Jul 26 '16 at 7:33















up vote
1
down vote

favorite












How can I set up a working sftp server for multiple groups with a chrooted directory?










share|improve this question




















  • 1




    Please don't post answers in the question body. If you want to post a guide, ask a question and post your guide as an answer.
    – terdon
    Jul 26 '16 at 7:33













up vote
1
down vote

favorite









up vote
1
down vote

favorite











How can I set up a working sftp server for multiple groups with a chrooted directory?










share|improve this question















How can I set up a working sftp server for multiple groups with a chrooted directory?







chroot openssh sftp






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Jul 26 '16 at 7:32









terdon

63.3k12132209




63.3k12132209










asked Feb 26 '13 at 20:23









SPeedY

1615




1615








  • 1




    Please don't post answers in the question body. If you want to post a guide, ask a question and post your guide as an answer.
    – terdon
    Jul 26 '16 at 7:33














  • 1




    Please don't post answers in the question body. If you want to post a guide, ask a question and post your guide as an answer.
    – terdon
    Jul 26 '16 at 7:33








1




1




Please don't post answers in the question body. If you want to post a guide, ask a question and post your guide as an answer.
– terdon
Jul 26 '16 at 7:33




Please don't post answers in the question body. If you want to post a guide, ask a question and post your guide as an answer.
– terdon
Jul 26 '16 at 7:33










2 Answers
2






active

oldest

votes

















up vote
0
down vote













This one way would work, However simply create only one group and add as many users in the particular group so that when the user logs in to the SFTP server he will be chroot to that particular directory.



Then take the ownership of folder ( eg, Folder name is A, B, C and so on ) folder A from root to user x and restrict the access for others and and folder B take the ownership from root to user y and in that way we do not junk up the config file..



Either way is right and it all how you do based on the environment we work and the requirement.






share|improve this answer




























    up vote
    0
    down vote













    Reposted from the OP's original question by:





    I decided to share what finally worked for me. I am a novice 2 months into Ubuntu so please don't shot me yet :) This is nothing new but I had a hard time finding a complete article that explains how can a novice like me could achieve it.



    Sudo vi /etc/ssh/sshd_config


    and add



    Subsystem sftp internal-sftp
    Match group Group-A
    ChrootDirectory /Group-A
    ForceCommand internal-sftp
    AllowTcpForwarding no

    Match group Broup-B
    ChrootDirectory /Group-B
    ForceCommand internal-sftp
    AllowTcpForwarding no


    save and exit and start creating the users and group directories:



    sudo useradd Group-A-Users
    sudo useradd Group-B-Users
    sudo passwd Username
    sudo usermod -G Group-A Group-A-Users= All users that belong to this group
    sudo usermod -G Group-B Group-B-Users= All users that belong to this group
    sudo mkdir /Group-A
    sudo mkdir /Group-B
    sudo mkdir /Group-A/Upload
    sudo mkdir /Group-B/Upload


    Now lets set permission to the directories. The main folder must be own by root and no one should have write access to it by any other user or group or it will result in ssh crashing after restart.



    sudo chown root /Group-A
    sudo chown root /Group-B
    sudo chmod go-w /Group-A
    sudo chmod go-w /Group-B
    sudo chgrp GroupName /Group-A/Upload
    sudo chgrp GroupName /Broup-B/Upload
    sudo chmod ug+rwX /Group-A/Upload
    sudo chmod ug+rwX /Group-B/Upload


    This is a guide for dummy's users like me who are new to Ubuntu and want to setup a secure sftp server for work or friends.






    share|improve this answer























      Your Answer








      StackExchange.ready(function() {
      var channelOptions = {
      tags: "".split(" "),
      id: "89"
      };
      initTagRenderer("".split(" "), "".split(" "), channelOptions);

      StackExchange.using("externalEditor", function() {
      // Have to fire editor after snippets, if snippets enabled
      if (StackExchange.settings.snippets.snippetsEnabled) {
      StackExchange.using("snippets", function() {
      createEditor();
      });
      }
      else {
      createEditor();
      }
      });

      function createEditor() {
      StackExchange.prepareEditor({
      heartbeatType: 'answer',
      convertImagesToLinks: true,
      noModals: true,
      showLowRepImageUploadWarning: true,
      reputationToPostImages: 10,
      bindNavPrevention: true,
      postfix: "",
      imageUploader: {
      brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
      contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
      allowUrls: true
      },
      onDemand: true,
      discardSelector: ".discard-answer"
      ,immediatelyShowMarkdownHelp:true
      });


      }
      });














       

      draft saved


      draft discarded


















      StackExchange.ready(
      function () {
      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f261663%2fhow-can-i-set-up-sftp-with-chrooted-groups%23new-answer', 'question_page');
      }
      );

      Post as a guest















      Required, but never shown

























      2 Answers
      2






      active

      oldest

      votes








      2 Answers
      2






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes








      up vote
      0
      down vote













      This one way would work, However simply create only one group and add as many users in the particular group so that when the user logs in to the SFTP server he will be chroot to that particular directory.



      Then take the ownership of folder ( eg, Folder name is A, B, C and so on ) folder A from root to user x and restrict the access for others and and folder B take the ownership from root to user y and in that way we do not junk up the config file..



      Either way is right and it all how you do based on the environment we work and the requirement.






      share|improve this answer

























        up vote
        0
        down vote













        This one way would work, However simply create only one group and add as many users in the particular group so that when the user logs in to the SFTP server he will be chroot to that particular directory.



        Then take the ownership of folder ( eg, Folder name is A, B, C and so on ) folder A from root to user x and restrict the access for others and and folder B take the ownership from root to user y and in that way we do not junk up the config file..



        Either way is right and it all how you do based on the environment we work and the requirement.






        share|improve this answer























          up vote
          0
          down vote










          up vote
          0
          down vote









          This one way would work, However simply create only one group and add as many users in the particular group so that when the user logs in to the SFTP server he will be chroot to that particular directory.



          Then take the ownership of folder ( eg, Folder name is A, B, C and so on ) folder A from root to user x and restrict the access for others and and folder B take the ownership from root to user y and in that way we do not junk up the config file..



          Either way is right and it all how you do based on the environment we work and the requirement.






          share|improve this answer












          This one way would work, However simply create only one group and add as many users in the particular group so that when the user logs in to the SFTP server he will be chroot to that particular directory.



          Then take the ownership of folder ( eg, Folder name is A, B, C and so on ) folder A from root to user x and restrict the access for others and and folder B take the ownership from root to user y and in that way we do not junk up the config file..



          Either way is right and it all how you do based on the environment we work and the requirement.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered May 7 '14 at 11:48









          Ashvin Ashok Kumar

          1




          1
























              up vote
              0
              down vote













              Reposted from the OP's original question by:





              I decided to share what finally worked for me. I am a novice 2 months into Ubuntu so please don't shot me yet :) This is nothing new but I had a hard time finding a complete article that explains how can a novice like me could achieve it.



              Sudo vi /etc/ssh/sshd_config


              and add



              Subsystem sftp internal-sftp
              Match group Group-A
              ChrootDirectory /Group-A
              ForceCommand internal-sftp
              AllowTcpForwarding no

              Match group Broup-B
              ChrootDirectory /Group-B
              ForceCommand internal-sftp
              AllowTcpForwarding no


              save and exit and start creating the users and group directories:



              sudo useradd Group-A-Users
              sudo useradd Group-B-Users
              sudo passwd Username
              sudo usermod -G Group-A Group-A-Users= All users that belong to this group
              sudo usermod -G Group-B Group-B-Users= All users that belong to this group
              sudo mkdir /Group-A
              sudo mkdir /Group-B
              sudo mkdir /Group-A/Upload
              sudo mkdir /Group-B/Upload


              Now lets set permission to the directories. The main folder must be own by root and no one should have write access to it by any other user or group or it will result in ssh crashing after restart.



              sudo chown root /Group-A
              sudo chown root /Group-B
              sudo chmod go-w /Group-A
              sudo chmod go-w /Group-B
              sudo chgrp GroupName /Group-A/Upload
              sudo chgrp GroupName /Broup-B/Upload
              sudo chmod ug+rwX /Group-A/Upload
              sudo chmod ug+rwX /Group-B/Upload


              This is a guide for dummy's users like me who are new to Ubuntu and want to setup a secure sftp server for work or friends.






              share|improve this answer



























                up vote
                0
                down vote













                Reposted from the OP's original question by:





                I decided to share what finally worked for me. I am a novice 2 months into Ubuntu so please don't shot me yet :) This is nothing new but I had a hard time finding a complete article that explains how can a novice like me could achieve it.



                Sudo vi /etc/ssh/sshd_config


                and add



                Subsystem sftp internal-sftp
                Match group Group-A
                ChrootDirectory /Group-A
                ForceCommand internal-sftp
                AllowTcpForwarding no

                Match group Broup-B
                ChrootDirectory /Group-B
                ForceCommand internal-sftp
                AllowTcpForwarding no


                save and exit and start creating the users and group directories:



                sudo useradd Group-A-Users
                sudo useradd Group-B-Users
                sudo passwd Username
                sudo usermod -G Group-A Group-A-Users= All users that belong to this group
                sudo usermod -G Group-B Group-B-Users= All users that belong to this group
                sudo mkdir /Group-A
                sudo mkdir /Group-B
                sudo mkdir /Group-A/Upload
                sudo mkdir /Group-B/Upload


                Now lets set permission to the directories. The main folder must be own by root and no one should have write access to it by any other user or group or it will result in ssh crashing after restart.



                sudo chown root /Group-A
                sudo chown root /Group-B
                sudo chmod go-w /Group-A
                sudo chmod go-w /Group-B
                sudo chgrp GroupName /Group-A/Upload
                sudo chgrp GroupName /Broup-B/Upload
                sudo chmod ug+rwX /Group-A/Upload
                sudo chmod ug+rwX /Group-B/Upload


                This is a guide for dummy's users like me who are new to Ubuntu and want to setup a secure sftp server for work or friends.






                share|improve this answer

























                  up vote
                  0
                  down vote










                  up vote
                  0
                  down vote









                  Reposted from the OP's original question by:





                  I decided to share what finally worked for me. I am a novice 2 months into Ubuntu so please don't shot me yet :) This is nothing new but I had a hard time finding a complete article that explains how can a novice like me could achieve it.



                  Sudo vi /etc/ssh/sshd_config


                  and add



                  Subsystem sftp internal-sftp
                  Match group Group-A
                  ChrootDirectory /Group-A
                  ForceCommand internal-sftp
                  AllowTcpForwarding no

                  Match group Broup-B
                  ChrootDirectory /Group-B
                  ForceCommand internal-sftp
                  AllowTcpForwarding no


                  save and exit and start creating the users and group directories:



                  sudo useradd Group-A-Users
                  sudo useradd Group-B-Users
                  sudo passwd Username
                  sudo usermod -G Group-A Group-A-Users= All users that belong to this group
                  sudo usermod -G Group-B Group-B-Users= All users that belong to this group
                  sudo mkdir /Group-A
                  sudo mkdir /Group-B
                  sudo mkdir /Group-A/Upload
                  sudo mkdir /Group-B/Upload


                  Now lets set permission to the directories. The main folder must be own by root and no one should have write access to it by any other user or group or it will result in ssh crashing after restart.



                  sudo chown root /Group-A
                  sudo chown root /Group-B
                  sudo chmod go-w /Group-A
                  sudo chmod go-w /Group-B
                  sudo chgrp GroupName /Group-A/Upload
                  sudo chgrp GroupName /Broup-B/Upload
                  sudo chmod ug+rwX /Group-A/Upload
                  sudo chmod ug+rwX /Group-B/Upload


                  This is a guide for dummy's users like me who are new to Ubuntu and want to setup a secure sftp server for work or friends.






                  share|improve this answer














                  Reposted from the OP's original question by:





                  I decided to share what finally worked for me. I am a novice 2 months into Ubuntu so please don't shot me yet :) This is nothing new but I had a hard time finding a complete article that explains how can a novice like me could achieve it.



                  Sudo vi /etc/ssh/sshd_config


                  and add



                  Subsystem sftp internal-sftp
                  Match group Group-A
                  ChrootDirectory /Group-A
                  ForceCommand internal-sftp
                  AllowTcpForwarding no

                  Match group Broup-B
                  ChrootDirectory /Group-B
                  ForceCommand internal-sftp
                  AllowTcpForwarding no


                  save and exit and start creating the users and group directories:



                  sudo useradd Group-A-Users
                  sudo useradd Group-B-Users
                  sudo passwd Username
                  sudo usermod -G Group-A Group-A-Users= All users that belong to this group
                  sudo usermod -G Group-B Group-B-Users= All users that belong to this group
                  sudo mkdir /Group-A
                  sudo mkdir /Group-B
                  sudo mkdir /Group-A/Upload
                  sudo mkdir /Group-B/Upload


                  Now lets set permission to the directories. The main folder must be own by root and no one should have write access to it by any other user or group or it will result in ssh crashing after restart.



                  sudo chown root /Group-A
                  sudo chown root /Group-B
                  sudo chmod go-w /Group-A
                  sudo chmod go-w /Group-B
                  sudo chgrp GroupName /Group-A/Upload
                  sudo chgrp GroupName /Broup-B/Upload
                  sudo chmod ug+rwX /Group-A/Upload
                  sudo chmod ug+rwX /Group-B/Upload


                  This is a guide for dummy's users like me who are new to Ubuntu and want to setup a secure sftp server for work or friends.







                  share|improve this answer














                  share|improve this answer



                  share|improve this answer








                  answered Jul 26 '16 at 7:33


























                  community wiki





                  terdon































                       

                      draft saved


                      draft discarded



















































                       


                      draft saved


                      draft discarded














                      StackExchange.ready(
                      function () {
                      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f261663%2fhow-can-i-set-up-sftp-with-chrooted-groups%23new-answer', 'question_page');
                      }
                      );

                      Post as a guest















                      Required, but never shown





















































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown

































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown







                      Popular posts from this blog

                      flock() on closed filehandle LOCK_FILE at /usr/bin/apt-mirror

                      Mangá

                      Eduardo VII do Reino Unido