- Join Date
- Mar 2011
Jailed FTP - need to access separate directory outside of jail.
Ubuntu with internal-sftp.
Users are jailed to /data/ftp/%u
User vendor1 needs to access upload directory in vendor2's location (same system).
Vendor2 must not be able to view Vendor1's data. Vendor1 will be accessing 2's data and writing to that directory as needed.
There are numerous other vendors within /data/ftp and attempting to change match group to a different chrootdirectory doesn't seem to be doing the trick.
Hello, adambelial. Welcome to the forums.
If I'm understanding your situation correctly, I believe you could achieve this with a simple symbolic link and some permission editing. If you're not familiar with sym-links, think of a fancy Windows shortcut.
So, try and create a symbolic link from vendor1's jailed directory to vendor2's:
ln -s /data/ftp/vendor2 /data/ftp/vendor1/vendor2_link
If you want vendor1 to be able to write in vendor2's directory, you'll need to work with permissions a bit. There are a few ways of doing this. I recommend using groups:
Create group and add vendors:
groupadd ftpvendors
usermod -a -G ftpvendors vendor1
usermod -a -G ftpvendors vendor2
chgrp ftpvendors /data/ftp/vendor2
chmod 770 /data/ftp/vendor2
chmod -R 770 /data/ftp/vendor2
“Things derive their being and nature by mutual dependence and are nothing in themselves.”
- Join Date
- Mar 2011
Hello Nagarjuna and thank you for the assistance.
I completely comprehend the instructions you included and appreciate the help.
The issue lies in using sftp through sshd and its apparent inability to traverse using symbolic links. Example: WinSCP and FileZilla will attempt to download the symlink as a file and then complain about UTF-8 not being enabled.
One method I have tried and I know works (But is rather not elegant) is to create another clause in my sshd_config:
#Match user Vendor1
#Match user Vendor2
Which will give Vendor1 access to Vendor2's directory and I can control access permissions to Vendor2's dir quite easily. Secondary clause permitting normal jailed access for Vendor2 without knowledge of Vendor1's directory structure.
It's inelegant but it seems to work. I'd rather have some input from the community and see if there is something I am missing versus this sort of go-around that I have come up with.
Ahh, I see..
Well, I do have one little idea that might work, we'll just have to test it out and see. That is if you haven't tried it already.
Perhaps we can use the faithful mount command's bind feature:
mkdir -p /data/ftp/vendor1/vendor2_link
mount --bind /data/ftp/vendor2 /data/ftp/vendor1/vendor2_link
If it does work, simply add it to your fstab so that it auto-mounts at boot time:
/data/ftp/vendor2 /data/ftp/vendor1/vendor2_link none defaults,bind 0 0
Last edited by Nagarjuna; 04-01-2011 at 09:03 PM.
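An added example, not part of the thread or any poster's code: sshd_config(5) requires every component of a ChrootDirectory path to be root-owned and not writable by group or others, so with users jailed to /data/ftp/%u the `chmod 770` on /data/ftp/vendor2 is worth checking against that rule before relying on the group or bind-mount setup. The function names, the optional uid and stop-directory arguments, and the temporary demo tree are assumptions made so the check can run without root.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU stat (Ubuntu) and no
# symlinks in the path being checked.
# Rule from sshd_config(5): every component of a ChrootDirectory must be
# owned by root and not writable by group or others.

# check_chroot_path DIR [OWNER_UID] [STOP_AT]
# Walks from DIR up to STOP_AT (default /), printing each violation.
# Returns 0 if clean, 1 on a violation, 2 if a component cannot be read.
check_chroot_path() {
    d=$1; want_uid=${2:-0}; stop=${3:-/}; rc=0
    while :; do
        uid=$(stat -c %u "$d") || return 2
        perm=$(stat -c %a "$d") || return 2
        if [ "$uid" != "$want_uid" ]; then
            echo "FAIL $d: owner uid $uid, expected $want_uid"; rc=1
        fi
        # 022 masks the group-write and other-write bits.
        if [ $(( 0$perm & 022 )) -ne 0 ]; then
            echo "FAIL $d: mode $perm is group/other writable"; rc=1
        fi
        if [ "$d" = "$stop" ] || [ "$d" = "/" ]; then break; fi
        d=$(dirname "$d")
    done
    return $rc
}

# demo_layout MODE: builds a constructed copy of the thread's layout in a
# temp dir, applies MODE to the vendor2 jail, and checks it. The current
# user stands in for root so the demo runs unprivileged.
demo_layout() {
    base=$(mktemp -d) || return 2
    mkdir -p "$base/ftp/vendor2/upload"
    chmod 755 "$base" "$base/ftp"
    chmod "$1" "$base/ftp/vendor2"
    chmod 770 "$base/ftp/vendor2/upload"   # a writable subdirectory is allowed
    res=0
    check_chroot_path "$base/ftp/vendor2" "$(id -u)" "$base" || res=$?
    rm -rf "$base"
    return $res
}

# On the real host (as root): check_chroot_path /data/ftp/vendor2
```

`demo_layout 750` passes and `demo_layout 770` reports the jail directory as group writable, while the 770 `upload` subdirectory inside it is never flagged because it is not a component of the chroot path.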