SFTP starting directory

Status
Not open for further replies.

chrisjbarry

Dabbler
Joined
Aug 18, 2014
Messages
17
Is there a way to have all users in a group start in a group folder or the main folder? I have 3 groups right now all with multiple users. The file structure is
mnt/Storage/ABTR
mnt/Storage/PLEX
mnt/Storage/HOME

I've tried to make it so all users start in mnt/Storage, then open up the folder they have access to, as some users are part of 2 or 3 groups. Right now folder permissions are correct. Users are starting in the home folder that was created in the main group they are part of. Example: mnt/Storage/PLEX/username. Now this user and others have to go back one folder to see and add items to the group's folder. Inside the user name configuration I've edited the home directory, but it keeps defaulting back to the original location. I've tried chroot directory /mnt/Storage/, no luck; this places the user in /

Anyone have this issue and fix it?
Thanks



Sent from pay phone in the airport.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
This is just from memory so my information may be wrong (I'm being lazy). How did you try setting up your SFTP chroot? Note that OpenSSH is picky about permissions on the chroot directory. It may be easiest to set it up as follows:
Create group "sftpusers"
Create dataset "/mnt/Storage/chroot" owned by root:wheel with permissions 755.
Append the following options to your ssh config:
Code:
Match Group sftpusers
     ChrootDirectory /mnt/Storage/chroot
     ForceCommand internal-sftp
     AllowTcpForwarding no

Once you verify the chroot is working properly, you can create your required folders and set up their permissions as needed. If I remember correctly, user home directories don't have to be located within the chroot (this can be used to prevent them from modifying their 'authorized keys' and other config files.)
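
An added example, not part of the thread: sshd_config(5) requires every component of the ChrootDirectory path to be a root-owned directory that is not writable by group or others. The Python check below walks the path and reports violations; FakeStat, SAMPLE and table_stat are constructed sample data showing 775 applied to the chroot itself rather than to a folder inside it.

```python
import os
import stat
from collections import namedtuple

# Stand-in for os.stat_result so the constructed sample runs without root.
FakeStat = namedtuple("FakeStat", "st_mode st_uid")

# Constructed sample: 775 was applied to the chroot itself, not a subfolder.
SAMPLE = {
    "/": FakeStat(stat.S_IFDIR | 0o755, 0),
    "/mnt": FakeStat(stat.S_IFDIR | 0o755, 0),
    "/mnt/Storage": FakeStat(stat.S_IFDIR | 0o755, 0),
    "/mnt/Storage/chroot": FakeStat(stat.S_IFDIR | 0o775, 0),
}

def table_stat(table):
    """Return a stat function backed by a dict (for the constructed sample)."""
    def fake(path):
        if path not in table:
            raise FileNotFoundError(2, "No such file or directory", path)
        return table[path]
    return fake

def path_components(path):
    """'/mnt/Storage/chroot' -> ['/', '/mnt', '/mnt/Storage', ...]."""
    if not os.path.isabs(path):
        raise ValueError("ChrootDirectory must be an absolute path")
    parts = [p for p in os.path.normpath(path).split("/") if p]
    return ["/"] + ["/" + "/".join(parts[:i + 1]) for i in range(len(parts))]

def check_chroot(path, stat_fn=os.stat):
    """List violations of the sshd_config(5) ChrootDirectory ownership rule."""
    problems = []
    for comp in path_components(path):
        try:
            st = stat_fn(comp)
        except OSError as exc:
            problems.append(f"{comp}: cannot stat ({exc.strerror})")
            continue
        if not stat.S_ISDIR(st.st_mode):
            problems.append(f"{comp}: not a directory")
        if st.st_uid != 0:
            problems.append(f"{comp}: owned by uid {st.st_uid}, not root")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append(f"{comp}: mode {stat.S_IMODE(st.st_mode):o} is group/other writable")
    return problems

if __name__ == "__main__":
    print("\n".join(check_chroot("/mnt/Storage/chroot", table_stat(SAMPLE))) or "ok")
```

On a live system, call `check_chroot("/mnt/Storage/chroot")` with the default `os.stat`; group-writable modes such as 775 belong on the folders inside the chroot, not on the chroot or its parents.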
 

chrisjbarry

Dabbler
Joined
Aug 18, 2014
Messages
17
Ok, this kind of worked. I did create the chroot folder, but adding all users to sftpusers as the primary group allowed me to start in the chroot folder. I did have to change the permissions on each folder inside of chroot to 775 for each user of the group to write to it.

My next challenge is going to be how do you hide folders and items in folders from people that are not part of the group?


Sent from pay phone in the airport.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
What do you mean by "hide"? If you mean "not be able to open" then just set permissions appropriately.
 

chrisjbarry

Dabbler
Joined
Aug 18, 2014
Messages
17
I have it so they can't open them. But would like it to be hidden so viewing of the folder is gone without access.


Sent from pay phone in the airport.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
I don't think that's going to be possible with sftp. You could create a file tree as follows:
Code:
Chroot/platinum/llama photos
Chroot/gold/dog photos
Chroot/hates your face/cat photos

This way you have innocuous sounding directories in your chroot, and your cat lovers won't know that you also host dog and llama photos.
 