Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

sftp only account 1

Status
Not open for further replies.
bluedragon2

bluedragon2

IS-IT--Management
Jan 24, 2003
2,642
US
I have searched for some guidance on creating a sftp only account in Solaris 10 and have found limited information. What I did find did not work.

I am trying to set up a sftp only account and limit the directories in which they can access.

Thank you

[Blue]Blue[/Blue] [Dragon]

If I wasn't Blue, I would just be a Dragon...
 
Sort by date Sort by votes
One way to restrict the login to SFTP only is to create a new "shell" for that user, let's say /usr/local/bin/sftponly, containing something like this:

Code: 
#!/bin/bash
if [[ "$2" = *sftp-server ]]
then
        exec /bin/bash "$@"
else
        echo "User '$LOGNAME' is only allowed access via sftp."
        exit 1
fi

I've tested the above on Linux (no Solaris box handy right now) and it works nicely. You may prefer to use a different shell on Solaris. Also you may need to add this "shell" to /etc/shells for the system to recognise it as a valid login shell.

Restricting their access to specific directories would be more complicated, I think you'd need to set up a chroot jail. There were instructions for doing this for standard anonymous FTP on the Solaris ftpd man page, although you will likely have to copy in a bunch more libraries for sshd than you would for ftpd.

You could modify the above "shell" to initiate the chroot environment.

Annihilannic.
 
Upvote 0 Downvote
Thank you Annihilannic,

I had a similar setup like above, but the directory thing was getting me also. I found some stuff on setting up the chroot, but could not get it working.

[Blue]Blue[/Blue] [Dragon]

If I wasn't Blue, I would just be a Dragon...
 
Upvote 0 Downvote
I had a go myself and couldn't get it to work either. I used a modified sshd_config which referred to an alternative sftp-server wrapper and tried to do a chroot in there, however by that stage it is running under the unprivileged user-id, who does not have access to run a chroot environment.

So your only option I guess would be to run a whole separate SSH daemon in a chroot environment, perhaps on a different port. Or maybe look into some other products which provide this extension to sshd's capabilities...

Another option to consider is some kind of secure FTP daemon, which uses a different protocol, for example Tumbleweed SecureTransport, but that may be overkill for your requirements.

Annihilannic.
 
Upvote 0 Downvote
Thank you for the suggestions, the latter is a bit overkill and we are going to go a different route. I do appreciate your time and comments.

Thank you

[Blue]Blue[/Blue] [Dragon]

If I wasn't Blue, I would just be a Dragon...
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

kashyap1983
  • Locked
  • Question
sftp connection hungs, vvv mode did not helped...
Replies
1
Views
103
sbrews
sbrews
AlStl
  • Locked
  • Question
Question for Unix gurus - password less sftp and ACLs Sun Solaris
Replies
5
Views
95
Annihilannic
Annihilannic
jmarioscs
  • Locked
  • Question
Calculate number of days between two days on sun solaris only
Replies
3
Views
108
jmarioscs
jmarioscs
theniteowl
  • Locked
  • Question
Problem with root account and putty 1
Replies
3
Views
89
theniteowl
theniteowl
TrippleDuce
  • Locked
  • Question
Limiting access to SFTP and limiting directory access
Replies
1
Views
58
xkjdhdg
xkjdhdg

Part and Inventory Search

Sponsor

Back
Top