[CentOS] Trouble removing files in chrooted sftp

Myyrä, Timo

timo.myyra at edita.fi
Mon Jan 9 10:31:55 UTC 2017


Hi,

I have trouble setting up chrooted SFTP for our user.
I got the basic SFTP chroot working: the user is chrooted to its home
directory, and I've added a /home/userb/etc directory with dummy passwd, group
and localtime files.

The problem is that instead of only accessing its own files, I need the
user to be able to remove another user's files.
I have a web application which runs as a different user; the sftp user is a
member of the web user's group. I then set up bind mounts from the web user's data
dir to the chrooted user's home directory.

The chrooted user can't remove any files in the directory owned by another
user. The directory permissions are 0775 so they should allow the access.
If I don't use chroot I can remove the file just fine so it seems to be
something on the chroot that limits the access.

I tried to add a simple directory, checked the permissions and tried to
delete a file, and it failed as well, so the bind mount should be the issue.

Here's sample output:
# cat etc/{passwd,group}
webapp-user:x:5020:5020::/home/webapp-user:/sbin/nologin
chroot-user:x:5029:10000::/home/chroot-user:/sbin/nologin
root:x:0:0:not really root:::
sftp-chroot:x:10000:chroot-user
webapp-user:x:5020:chroot-user
# ls -lR
.:
total 0
drwx--x--- 2 root      sftp-chroot 61 Jan  5 07:34 etc
drwxr-x--- 2 chroot-user  sftp-chroot  6 Nov 20  2015 failed
drwxr-x--- 2 chroot-user  sftp-chroot 16 Jan  5 07:46 input
drwxrwxr-x 2 webapp-user webapp-user   98 Jan  5 07:18 intranet

./etc:
total 16
-rw-r--r-- 1 root root   55 Jan  5 07:34 group
-rw-r----- 1 root root 1883 Jan  5 06:45 localtime
-rw-r--r-- 1 root root  172 Jan  5 06:51 passwd
-rw-r--r-- 1 root root  105 Jan  5 06:46 passwd~

./failed:
total 0

./input:
total 0

./intranet:
total 72
-rw-rw-r-- 1 chroot-user  sftp-chroot     0 Jan  5 07:02 test1.txt
-rw-rw-r-- 1 webapp-user webapp-user       0 Jan  5 07:02 test2.txt

So why can't I remove the intranet/test* files inside the sftp chroot even though
the chroot-user is a member of the webapp-user group and the directory itself has
group permissions?

Br,
Timo M
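The following is an added worked example, not part of the original post, that models the POSIX rule the question turns on: removing a file is decided by the permissions on the parent directory (write plus search), not by the file's own mode, and the group class only applies if the directory's gid is among the supplementary gids the sftp-server process actually carries. Those gids are populated from the host's group database when sshd sets up the session, before the chroot takes effect; the etc/group file inside the chroot is only consulted for name display. The uids, gids and modes below are taken from the listing in the post; the function names and the two candidate group lists are constructed for illustration.

```python
import stat

# Constructed from the listing in the post: intranet/ is drwxrwxr-x and owned by
# webapp-user (uid/gid 5020); chroot-user is uid 5029 with primary gid 10000.
INTRANET_MODE = 0o775
WEBAPP_UID = WEBAPP_GID = 5020
CHROOT_UID, SFTP_CHROOT_GID = 5029, 10000


def mode_bits_for(mode, owner_uid, owner_gid, proc_uid, proc_gids):
    """Pick the permission class (owner, group or other) that applies to the
    process. Only the first matching class counts, exactly as the kernel does."""
    if proc_uid == owner_uid:
        return (mode >> 6) & 0o7
    if owner_gid in proc_gids:
        return (mode >> 3) & 0o7
    return mode & 0o7


def can_unlink(dir_mode, dir_uid, dir_gid, file_uid, proc_uid, proc_gids):
    """POSIX unlink check. The file's own mode bits are irrelevant: the caller
    needs w and x on the parent directory, and if the directory has the sticky
    bit set it must also own either the file or the directory. uid 0 bypasses."""
    if proc_uid == 0:
        return True
    bits = mode_bits_for(dir_mode & 0o777, dir_uid, dir_gid, proc_uid, proc_gids)
    if bits & 0o3 != 0o3:          # need both w (0o2) and x (0o1)
        return False
    if dir_mode & stat.S_ISVTX and proc_uid not in (file_uid, dir_uid):
        return False
    return True


def scenarios():
    """Evaluate deleting intranet/test2.txt (owned by webapp-user) as chroot-user
    under different supplementary-group lists of the sftp-server process.
    Both gid sets are constructed; the real one comes from the host's group
    database, so it is what `id -G chroot-user` on the host reports."""
    only_primary = {SFTP_CHROOT_GID}              # host /etc/group lacks chroot-user in webapp-user
    with_webapp = {SFTP_CHROOT_GID, WEBAPP_GID}   # host /etc/group has the membership
    sticky_mode = INTRANET_MODE | stat.S_ISVTX    # what a drwxrwxr-t directory would do
    return {
        "host group missing": can_unlink(INTRANET_MODE, WEBAPP_UID, WEBAPP_GID,
                                         WEBAPP_UID, CHROOT_UID, only_primary),
        "host group present": can_unlink(INTRANET_MODE, WEBAPP_UID, WEBAPP_GID,
                                         WEBAPP_UID, CHROOT_UID, with_webapp),
        "sticky dir, other's file": can_unlink(sticky_mode, WEBAPP_UID, WEBAPP_GID,
                                               WEBAPP_UID, CHROOT_UID, with_webapp),
        "sticky dir, own file": can_unlink(sticky_mode, WEBAPP_UID, WEBAPP_GID,
                                           CHROOT_UID, CHROOT_UID, with_webapp),
    }


if __name__ == "__main__":
    for name, allowed in scenarios().items():
        print(f"{name:28s} -> {'unlink allowed' if allowed else 'EACCES / Permission denied'}")
```

The model gives a concrete thing to verify on the host rather than inside the chroot: `id -G chroot-user` must list 5020, because the chroot's own etc/group cannot add a group to a session that has already been set up. It also shows the two mode bits to confirm on the directory (write and search for the class that applies) and the sticky-bit case, which silently turns a group-writable shared directory into one where only the file owner can delete.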


