View Full Version : user access



ketter
25-Apr-2016, 18:01
I'm coming from an OES/eDirectory background, so pardon my ignorance
on this. I've done some searching, but I appear to be missing
something. I have a SLES 11 SP4 server that I need to give one user
access to one folder. He needs to be able to add/delete/modify files
and folders in that one folder. I created a user account, but found
that he could see more than I wanted him to. So to restrict access to
that folder, I edited /etc/ssh/sshd_config and added the following:
Match user <the_username>
ChrootDirectory /path/to/folder/
After restarting sshd, I am unable to log in as the user. I'm
attempting to log in via WinSCP. Any suggestions?
Thanks!
Ken

--------------------------------------------------------
Create and vote for enhancements!
https://www.novell.com/products/enhancement-request.html

thsundel
25-Apr-2016, 18:08
Have you tried changing the user home directory to /path/to/folder ?

http://doc.opensuse.org/documentation/html/openSUSE_114/opensuse-reference/cha.y2.userman.html#sec.y2.userman.defaults

Thomas

ketter
25-Apr-2016, 21:30
On Mon, 25 Apr 2016 17:14:02 GMT, thsundel
<thsundel@no-mx.forums.microfocus.com> wrote:

>Have you tried changing the user home directory to /path/to/folder ?
>
>http://doc.opensuse.org/documentation/html/openSUSE_114/opensuse-reference/cha.y2.userman.html#sec.y2.userman.defaults
>
>Thomas

I'll look into that. I will be out for a day, but I will respond back
as soon as I have a chance to try it out.
Thanks!
Ken


jmozdzen
27-Apr-2016, 12:31
Hi Ken,

you have not mentioned *how* that user needs to access the files in that folder.

Typically, if the user is to log in to that host, the user will need a "home directory". Please be aware that session-specific (but persistent) files will be stored in that directory, so if you make "your directory" the home directory of that user, extra files will pop up there after login.

If you have files in a different area of the file system, that the user needs to have access to (additionally), you can grant according permissions to that directory (and contents) but will need to make sure that the user can actually traverse the path from "/" to the target directory.

If the user actually accesses the files from a remote machine, via i.e. NFS or SMB/CIFS, then "sharing" the target directory (and accessing it directly from the client machine) might be an easier approach. Setting the proper permissions will then depend on the way the remote access is technically handled.

If you decide to follow the "home dir" route, Thomas' hint on setting the user's home directory within user management should put you on the right track.

Regards,
Jens
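
An added example, not part of any post in this thread: a small audit that walks from "/" down to the target directory and reports, per component, whether a given user can traverse it and whether it meets the sshd_config(5) ChrootDirectory rule (root-owned directory, not writable by group or others). The function names are hypothetical, and only the classic mode bits are evaluated; ACLs are ignored.

```python
import os, pwd, stat, sys

def class_bits(st, uid, gids):
    """rwx bits (0-7) that apply to uid/gids. Mode bits only; ACLs are ignored."""
    if uid == 0:
        return 7
    if st.st_uid == uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def audit(target, uid, gids):
    """One row per directory from '/' down to target."""
    rows, cur = [], os.sep
    parts = [p for p in os.path.realpath(target).split(os.sep) if p]
    for part in [""] + parts:
        cur = os.path.join(cur, part) if part else cur
        st = os.stat(cur)
        rows.append({
            "path": cur,
            # search (x) permission is what lets the user pass through
            "traverse": bool(class_bits(st, uid, gids) & 1),
            # sshd_config(5) ChrootDirectory rule: root-owned directory,
            # not writable by group or others
            "chroot_ok": stat.S_ISDIR(st.st_mode) and st.st_uid == 0
                         and not st.st_mode & 0o022,
        })
    return rows

def summary(target, uid, gids):
    rows = audit(target, uid, gids)
    return {
        "blocked_at": next((r["path"] for r in rows if not r["traverse"]), None),
        "can_modify": class_bits(os.stat(target), uid, gids) == 7,
        "chroot_ok": all(r["chroot_ok"] for r in rows),
    }

if __name__ == "__main__":
    # usage: python3 check_path.py /path/to/folder the_username
    target, user = sys.argv[1], sys.argv[2]
    pw = pwd.getpwnam(user)
    gids = os.getgrouplist(user, pw.pw_gid)
    for row in audit(target, pw.pw_uid, gids):
        print(row)
    print(summary(target, pw.pw_uid, gids))
```

A directory that satisfies the ChrootDirectory rule cannot also be writable by the restricted user, so any writable space has to be a subdirectory below it.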

ketter
27-Apr-2016, 14:37
On Wed, 27 Apr 2016 11:34:02 GMT, jmozdzen
<jmozdzen@no-mx.forums.microfocus.com> wrote:

>If the user actually accesses the files from a remote machine, via i.e.
>NFS or SMB/CIFS, then "sharing" the target directory (and accessing it
>directly from the client machine) might be an easier approach. Setting
>the proper permissions will then depend on the way the remote access
>is technically handled.

Jens,
Thanks for the reminder. I forgot about this method. It actually
makes more sense for this situation. I will set it up this way.
Ken
