Hello,
I need a user to have ssh access to his virtual directory to manage his website.
I installed the Shell Extension to grant user shell access using ssh.
I edited a user and set the Login Shell selector "Shell" to /bin/bash (I found in the forum that it has to be set like this)
I tried to login, success!
BUT, the user lands in his /home/folder (I want to decide where he goes) and can browse anything.
That’s not what I had in mind of course and I wonder how you restrict a user to a specific directory (it may not be a pure ClearOS question).
Bernard
PS: By the way, I’m new here and with ClearOS and the community did awesome work, great product!
Responses (10)
-
Accepted Answer
ok I understand:
I change the home directory for user1. (usermod -m -d /var/www/virtual/thedir user1)
I change user from "allusers" to "user1" for this directory. (chown -R user1:group1 /thedir)
This won’t break website publishing?
but... still user1 has gid=63000(allusers) groups=63000(allusers)
Doesn’t that give him permission for allusers dir and files? -
Accepted Answer
File permissions are trivial, but setting them is going to have to be done from the command line.
e.g. home directory is /home/user1 and user1 belongs to group group1; directory permissions should look like this
drwxr-x--- user1 group1
With this, only members of group1 will be able to enter the directory and only user1 will be able to add or remove files from the directory.
Files inside the directory should have permissions
-rw-rw---- user1 group1
which means any member of group group1 can edit (and owner user1 can too) -
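The permission layout from the answer above, as an added example that is not part of the original thread: two POSIX shell functions that apply drwxr-x--- to directories and -rw-rw---- to files under one owner and group, then audit the tree for anything that deviates. The function names are hypothetical; the directory, owner and group you pass in are your own.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.

# apply_site_perms DIR OWNER GROUP
# Directories become 750 (drwxr-x---), regular files 660 (-rw-rw----),
# everything owned by OWNER:GROUP. "Other" users get no access at all.
apply_site_perms() {
    dir=$1 owner=$2 group=$3
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    chown -R "$owner:$group" "$dir" || return 1
    find "$dir" -type d -exec chmod 750 {} + || return 1
    find "$dir" -type f -exec chmod 660 {} + || return 1
}

# audit_site_perms DIR OWNER GROUP
# Prints every entry whose mode, owner or group differs from the layout
# above. Returns 0 when the tree is clean, 1 when something deviates.
audit_site_perms() {
    dir=$1 owner=$2 group=$3
    bad=$(find "$dir" \( \
            \( -type d ! -perm 750 \) -o \
            \( -type f ! -perm 660 \) -o \
            ! -user "$owner" -o \
            ! -group "$group" \
        \) -print)
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# Typical use (run as root so chown to another user is permitted):
#   apply_site_perms /var/www/virtual/thedir user1 group1
#   audit_site_perms /var/www/virtual/thedir user1 group1
```

Files created later inherit the creating user's umask and primary group, so rerun the audit after uploads to catch entries that drift from the layout.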
Accepted Answer
I have little knowledge of Linux and linux file permissions.
But I chose ClearOS that offers an easy to manage web interface (control panel) because of this.
In my mind, if I have a user that is assigned to a group what he should see and be able to edit should be assigned to this group.
This is pretty trivial in most control panels that help no-techies to manage hosting.
To answer your first question, I would like both options, terminal editing with putty, nano or vi and sftp using third party software (ftp or IDE).
But as a start, sftp will be great progress! -
Accepted Answer
How is the user going to edit the files? In a terminal window using a command line editor such as vi or nano? Or is the user going to copy files using sftp to another machine then edit and copy back? The method using sftp can be fairly easily set up and the user does need access to commands (nano/vi) on the server and the user has only access to a single directory - see here for an idea of the set up - http://www.thegeekstuff.com/2012/03/chroot-sftp-setup/
Creating an ssh user that can only access one directory and a limited set of commands is doable but more complicated see here for some idea of the set up http://linuxpitstop.com/chroot-ssh-users-on-centos-7/ (generic Centos)
The most simple is to allow the user to access the server via ssh and then control what they do via file/directory permissions - the issue here is that the user will be able to move around the directory structure. How familiar are you with Linux file permissions? -
Accepted Answer
Thanks for your help Duncan,
ssh username@ip.ip.ip.ip
username@ip.ip.ip.ip's password:
Last login: Mon May 15 09:01:50 2017 from .......
-sh-4.2$ ls -l
total 1592
-rw-r--r-- 1 username allusers 1624110 Feb 22 09:42 _E540036.jpg
-sh-4.2$ pwd
/home/username
id username
uid=2002(username) gid=63000(allusers) groups=63000(allusers),60000(ftp_plugin),60002(workinggroup)
("workinggroup" is what I want him to see and edit)
As it is someone from another team to whom I want to give ssh access to edit only files within the group I assigned him to.
I would like him to land directly in : /var/www/virtual/ (ok he will see all the other domain names)
And for him to be able to open only directories and edit files where group = workinggroup -