Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
I am connecting to a web server running Debian. Our team uses Apache and all users are members of the www-data group. When we connect to this server via SFTP (e.g. Transmit), all of our newly uploaded files take on a group name that is the same as the user's name (i.e. their primary group).
Is there a way to change this default group assignment to www-data on SFTP? On the command line, one can type:
$ newgrp www-data
Which assigns the current user's primary group to www-data. All new files created by the user are assigned to this group. Is there an equivalent for SFTP?
Setting a directory setgid means that files created within it will acquire the directory's group ownership.
mkdir web
chgrp www-data web
chmod g+s web
You may require the additional step of setting the umask before the server process starts:
umask 0002;
/usr/lib/openssh/sftp-server
Or in sshd_config, "you can pass a flag and value in (-u 0002) like the following to set the umask value:"
Subsystem sftp /usr/lib/openssh/sftp-server -u 0002
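Why the answer pairs setgid with a umask, as an added example that is not part of the original answer: setgid fixes the group of new files, but only the umask decides whether that group can write to them. It works in a constructed scratch directory and assumes GNU `stat -c` as shipped on Debian; all function names are hypothetical.

```shell
#!/bin/sh
# Added example (constructed): setgid decides the group of new files,
# umask decides whether that group may write. Assumes GNU stat (-c).

mode_of()  { stat -c '%a' "$1"; }   # octal mode, e.g. 2775
group_of() { stat -c '%g' "$1"; }   # numeric gid

# Equivalent of "chmod g+s" plus rwxrwxr-x on a fresh directory.
make_shared_dir() { mkdir -p "$1" && chmod 2775 "$1"; }

# Create file $3 in directory $1 under umask $2 (what "sftp-server -u" sets),
# then print the resulting mode.
upload_mode() { ( umask "$2" && : > "$1/$3" ) && mode_of "$1/$3"; }

# Same for a subdirectory: on Linux it also inherits the setgid bit.
subdir_mode() { ( umask "$2" && mkdir "$1/$3" ) && mode_of "$1/$3"; }

# Return 0 only if $1 is setgid and everything below it carries $1's gid.
check_shared_dir() {
    [ -g "$1" ] || return 1
    [ -z "$(find "$1" ! -group "$(group_of "$1")" -print)" ]
}

scratch=$(mktemp -d) && trap 'rm -rf "$scratch"' EXIT
make_shared_dir "$scratch/web"
echo "file, umask 0022:   $(upload_mode "$scratch/web" 0022 a.html)"
echo "file, umask 0002:   $(upload_mode "$scratch/web" 0002 b.html)"
echo "subdir, umask 0002: $(subdir_mode "$scratch/web" 0002 img)"
check_shared_dir "$scratch/web" && echo "setgid set, group consistent"
```
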
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 3 years ago.
I would like to set up a server with the ability for users to use SFTP to download files we have placed in their user folder and delete them. But not to be able to leave their folders. I was able to get that to work, but it had the unexpected issue of causing the regular users on the server to no longer be able to upload files to the server.
I am requiring the user to use a Password and SSH Key to login.
The setup I went with was:
addgroup --system sftponly
vim /etc/ssh/sshd_config
AuthenticationMethods publickey,password
PubkeyAuthentication yes
PasswordAuthentication yes
Subsystem sftp internal-sftp -P write
Match Group sftponly
    ChrootDirectory /home/%u
    ForceCommand internal-sftp -P write
    X11Forwarding no
    AllowTcpForwarding no
When Adding a User:
usermod -G sftponly $username
chown root:root /home/$username
chmod 755 /home/$username
mkdir /home/$username/ftp
chown $username:$username /home/$username/ftp
I would then put their user files in the FTP folder. Which they were able to read from and delete their own files.
What can I do to make a normal user (one not part of the sftponly group) able to upload files?
Leave the Match Group as is. Edit the "Subsystem" line.
From this:
Subsystem sftp internal-sftp -P write
To this:
Subsystem sftp internal-sftp
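Why the original configuration blocked uploads for everyone, as an added example that is not part of the original post: the global `Subsystem` line applies to every user whose session is not overridden by a `ForceCommand`. The parser below is a simplification that only understands `Match Group <name>` blocks; the config text, the group name `staff` and the function names are constructed.

```shell
#!/bin/sh
# Added example (constructed config, simplified parser): which sftp-server
# command line does a user end up with? Handles only "Match Group <name>".

# $1 = sshd_config path, $2 = space-separated groups the user belongs to.
effective_sftp() {
    awk -v groups="$2" '
        BEGIN { n = split(groups, g, " "); for (i = 1; i <= n; i++) member[g[i]] = 1 }
        { key = tolower($1) }
        key == "match" { active = (tolower($2) == "group" && ($3 in member)); inmatch = 1; next }
        key == "subsystem" && $2 == "sftp" && !inmatch {
            sub(/^[ \t]*[^ \t]+[ \t]+[^ \t]+[ \t]+/, ""); global = $0 }
        key == "forcecommand" && inmatch && active && forced == "" {
            sub(/^[ \t]*[^ \t]+[ \t]+/, ""); forced = $0 }
        END { print (forced != "" ? forced : global) }
    ' "$1"
}

# Return 0 if uploads are denied for that user ("-P write" is in effect).
writes_denied() {
    case " $(effective_sftp "$1" "$2") " in
        *" -P write "*) return 0 ;;
        *) return 1 ;;
    esac
}

cfg_dir=$(mktemp -d) && trap 'rm -rf "$cfg_dir"' EXIT
write_cfg() {   # $1 = output file, $2 = global Subsystem line
    cat > "$1" <<EOF
$2
Match Group sftponly
    ChrootDirectory /home/%u
    ForceCommand internal-sftp -P write
EOF
}
write_cfg "$cfg_dir/before" "Subsystem sftp internal-sftp -P write"
write_cfg "$cfg_dir/after"  "Subsystem sftp internal-sftp"

for cfg in before after; do
    for grp in staff sftponly; do   # "staff" stands for a regular user
        printf '%-6s %-8s -> %s\n' "$cfg" "$grp" "$(effective_sftp "$cfg_dir/$cfg" "$grp")"
    done
done
```

On a live server, `sshd -T -C user=NAME,host=HOST,addr=ADDR` prints the settings sshd itself would apply to that connection, Match blocks included.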
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 6 years ago.
I have a Joomla website hosted at Amazon AWS and am having issues with permissions.
Every time I have to go to terminal, ssh and do this to change the permissions between Joomla (www-data) and FileZilla (ubuntu)
sudo chown -R www-data.www-data /var/www/html   # Joomla
sudo chown -R ubuntu /var/www/html              # FileZilla
How do I set it so that I don't have to change this every time?
Add the ubuntu user to the www-data group
# usermod -a -G www-data ubuntu
then
# chmod g+w /var/www/html -R
(group writeable) all your files.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 7 years ago.
ssh_config files allow you to configure an ssh client.
You can specify aliases, default users and identity files for different ssh hosts, amongst other things.
The docs state that the ssh_config options are loaded magically by the ssh client in the following order:
command line options
user-specific file (~/.ssh/config)
system-wide file (/etc/ssh/ssh_config)
However, these configuration options aren't automatically available/respected within a cron job context.
How can you load an ssh config file such as ~/.ssh/config for a crontab context or in a specific cron job?
Update:
issue was this: https://superuser.com/questions/508408/public-key-always-asking-for-password-and-keyphrase
ssh --help says that there is a -F configfile option. However, I think ssh should still be checking in ~/.ssh/config and /etc/ssh/ssh_config, even when run via cron.
When run from cron, the HOME environment variable is set to point to your normal home directory, so ssh has all the information it needs to locate the standard configuration files.
I tested this by putting the following cron job in place:
* * * * * strace -o /tmp/trace -f -s 80 ssh localhost uptime > /tmp/trace
And inspecting /tmp/trace after the job has run, I see:
29079 open("/home/lars/.ssh/config", O_RDONLY) = 3
29079 open("/etc/ssh/ssh_config", O_RDONLY) = 3
Update
On my OS X machine (OS X 10.10.3), I set up the following ~/.ssh/config file:
Host stackoverflow
    Hostname fileserver.house
    IdentityFile fileserver_rsa
I created the following cron entry:
* * * * * ssh stackoverflow uptime > $HOME/output
The only way that would work would be if ssh were reading my ~/.ssh/config file...and it works just fine. What leads you to believe that things aren't working?
Closed. This question is off-topic. It is not currently accepting answers.
Closed 10 years ago.
How do I enable root login to an Ubuntu Server 12.04?
That is, to be able to ssh as root. I can only login now as a regular user.
Thanks
Make sure you have set a root password (sudo passwd root)
Depending on how your ssh is installed, you usually need to edit /etc/ssh/sshd_config and change "PermitRootLogin no" to "PermitRootLogin yes"
Edit /etc/ssh/sshd_config and add the following line:
PermitRootLogin yes
You really shouldn't allow direct SSH login as root. It's a pretty major security risk. See http://www.cyberciti.biz/tips/openssh-deny-or-restrict-access-to-users-and-groups.html
Why not log in as a user with sudo privileges then do 'sudo bash' or 'sudo sh'?
This site explains a bit more: https://askubuntu.com/questions/57040/what-is-the-difference-between-su-sudo-bash-and-sudo-sh
If you really must enable ssh as root the first link should give you the info you need to configure OpenSSH assuming that's the server you're using.
You'll have to set a root password too, this site should help: https://help.ubuntu.com/community/RootSudo#Enabling%20the%20root%20account
Closed. This question is off-topic. It is not currently accepting answers.
Closed 10 years ago.
A client gave me an rsa and ppk file so I can log into their server. I'm using OSX Lion and I have all my current server connections in my id_rsa file. How do I add their key so I can login with that?
If the RSA file they gave you is stored in, say, ~/client/foo_rsa.key, you could:
$ ssh -i ~/client/foo_rsa.key username@theirhost.example.com
Storing this sort of configuration in ~/.ssh/config is also a very good idea if you want a more permanent solution.
In ~/.ssh/config, add:
host clienthost
    identityfile ~/client/foo_rsa.key
    hostname theirhost.example.com
    user usernameonhost
You then connect simply with:
$ ssh clienthost
and the settings from the config file control your session.
The spacing above is unimportant and included only for readability. Read man ssh_config for details of other things you can put in this configuration file. There's A LOT of stuff you can do, including proxying your connection through other hosts, creating encrypted tunnels (for other protocols like HTTP or SOCKS) on arbitrary ports, etc.