Allow other users access to a chrooted home directory

Last week, a developer told me that he needed to write data to a customer's sftp folder.

Hmm, break out of the chroot?
That was my first thought. I am using chroot to jail sftp users, so they cannot wander into other users' directories or do anything there (access is normally limited to files in their own home directory). And now the developer wants access to this.

Providing convenience to users while still keeping the system safe is something I always think about in this work. What is the next step?

  • Use "setfacl" to grant permission to the developer? Nope! It will break the sftp service.
  • Add the developer user to the sftp group? Nope! It also breaks the sftp service.
  • What would help? I thought about "mount", googled, and found "mount --bind". OK, I chose it.

OK, let's do it. But the sftp service broke. What happened? I opened the chat box and chatted with HE; HE told me that "mount --bind" is right!

Thinking again, it seemed that I had an issue with the sftp permissions. Right! I did it again.

mount --bind /home/A/ /home/B/

Note:
/home/A: sftp user
/home/B: developer

After this, the developer will be able to write data into the sftp chroot, and the sftp user will be able to see the needed files in his home directory and use them.

What happens if the server is rebooted? Will the mount --bind break?
Yes, so you need to add the mount command to a startup script, or you can just add the line below to /etc/fstab:

/home/A/            /home/B/          none    bind            0 0
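
sshd only accepts a ChrootDirectory when every directory from / down to it is owned by root and not writable by group or others, which is the kind of sftp permission problem mentioned above. The script below is an added example, not part of the original post: it checks a path against that rule, assuming GNU stat on Linux; the function names are made up for this example and /home/A is the chroot path used in this post.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GNU stat on Linux.
# sshd refuses a ChrootDirectory unless every directory from / down to it
# is owned by root and not writable by group or others (sshd_config(5)).

# check_dir DIR [UID]: pass only if DIR is a directory owned by UID
# (default 0, root) with no group/other write bit.
check_dir() {
    dir=$1
    want_uid=${2:-0}
    if [ ! -d "$dir" ]; then
        echo "FAIL $dir: not a directory"; return 1
    fi
    uid=$(stat -L -c %u "$dir")
    mode=$(stat -L -c %a "$dir")
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL $dir: owner uid $uid, expected $want_uid"; return 1
    fi
    # 022 = group-write | other-write. An ACL entry that grants write also
    # raises the ACL mask, which appears here as the group-write bit.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL $dir: mode $mode is group/other writable"; return 1
    fi
    echo "ok   $dir (uid $uid, mode $mode)"
}

# check_chroot_path PATH: apply check_dir to / and to each component of
# PATH (which must be absolute); fails if any component fails.
check_chroot_path() {
    path=$1
    rc=0
    cur=
    check_dir / || rc=1
    old_ifs=$IFS
    set -f; IFS=/
    set -- $path
    IFS=$old_ifs; set +f
    for part in "$@"; do
        [ -n "$part" ] || continue
        cur="$cur/$part"
        check_dir "$cur" || rc=1
    done
    return $rc
}

# Usage: sh check_chroot.sh /home/A
if [ $# -gt 0 ]; then
    check_chroot_path "$1"
fi
```

Run it before and after a permission change on the chroot to see which directory sshd would reject.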


Thank you for reading this article; please leave a comment if you are interested.

Tiến Phan - R0039

Knowledge is Endless

Sharing for Success


