2

I'm looking to set up a common directory which is writable via SFTP by a certain set of users. This set of users should be able to access only this directory, and only via SFTP.

I have successfully set this up, using the following sshd configuration:

```
Subsystem sftp internal-sftp

Match Group sftponly
        ChrootDirectory /mnt/filebucket
        ForceCommand internal-sftp
        AllowTcpForwarding no
        PermitTunnel no
        X11Forwarding no
        # temporary for testing
        PasswordAuthentication yes
```

My users are part of the sftponly group, and they can log in and they are successfully chrooted into the directory.

The catch, though, is that I want to mount an S3 bucket (using s3fs) in this `/mnt/filebucket` directory. Once I mount it, the permissions on the directory change from `drwxr-xr-x 2 root root` (sshd approves for chroot) to `drwxrwxrwx 1 root root` (sshd does not approve).

Is there something about how I'm mounting this directory that is causing this issue?

Mark
  • Have you tried changing the permissions after it's mounted with `chmod`? – Patrick May 22 '17 at 19:34
  • @Patrick yes: `chmod: changing permissions of ‘/mnt/filebucket’: Input/output error` – Mark May 22 '17 at 20:07
  • If I set the ChrootDirectory to /mnt everything works as expected, but then users need to (cd|click) into the extra `filebucket` directory after logging in. Can this be automated? – Mark May 22 '17 at 20:35

1 Answer

0

> If I set the ChrootDirectory to /mnt everything works as expected, but then users need to (cd|click) into the extra `filebucket` directory after logging in. Can this be automated?

Yes, you can use the `-d` switch to `internal-sftp`, which will specify the starting directory for users.

Jakuje
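The rejection described in the question follows from sshd's rule that every component of the ChrootDirectory path must be a root-owned directory that is not group- or world-writable. As an added example (not part of the original post or answer), this shell check applies that rule to each path component; it assumes GNU `stat`, and the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GNU stat (Linux).
# sshd refuses a ChrootDirectory unless every component of the path is a
# directory owned by root and not writable by group or others.
# OWNER_UID defaults to 0; it is a parameter only so the logic can be
# exercised without root.

# check_component DIR [OWNER_UID]: test one directory against that rule.
check_component() {
    dir=$1
    want_uid=${2:-0}
    [ -d "$dir" ] || { echo "FAIL $dir: not a directory"; return 1; }
    info=$(stat -L -c '%u %a' "$dir") || { echo "FAIL $dir: stat failed"; return 1; }
    uid=${info% *}
    mode=${info#* }
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL $dir: owner uid $uid, expected $want_uid"
        return 1
    fi
    # Octal mask 022 = group-write | other-write.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL $dir: mode $mode is group/world-writable"
        return 1
    fi
    echo "ok   $dir (uid $uid, mode $mode)"
}

# check_chroot_path PATH [OWNER_UID]: walk from PATH up to /, report every
# component, return non-zero if any component fails.
check_chroot_path() {
    path=$1
    want=${2:-0}
    case $path in
        /*) ;;
        *) echo "FAIL $path: ChrootDirectory must be an absolute path"; return 2 ;;
    esac
    rc=0
    cur=$path
    while :; do
        check_component "$cur" "$want" || rc=1
        [ "$cur" = "/" ] && break
        cur=$(dirname "$cur")
    done
    return $rc
}

# Usage (as root, after mounting the bucket), with the question's paths:
#   check_chroot_path /mnt/filebucket   # the drwxrwxrwx s3fs mount point fails
#   check_chroot_path /mnt              # the path the question reports as working
```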