How to setup virtual users for sftp (sshd) with access to a specific sub directory?
ProFTPd allows you to create virtual FTP/SFTP users and map them to a real user's uid and gid.
Webdesigner
Updated on September 18, 2022
Comments
-
Webdesigner over 1 year
I try to set up virtual users for sftp with sshd and/or pam.

My folder structure looks like this:

```
/
|-- var
|   +-- www
|       +-- site1
|       |   +-- folder_1
|       |   +-- folder_2
|       +-- site2
|           +-- folder_1
|           +-- folder_2
```

Each site does have a Linux user (e.g. site1, site2) with the same group (site1, site2) where the home directory is e.g. `/var/www/site1`. The umask is 0022 and all files and (sub)folders for e.g. site1 have UID=site1 and GID=site1 and this should not be changed.

I was able to set up sshd so that each Linux user gets his home directory as sftp root folder, e.g. `/var/www/site1` for user site1. The config in `/etc/ssh/sshd_config` looks something like this (only last few lines, the rest is default configuration):

```
UsePAM yes
Subsystem sftp internal-sftp

# Applies to every user except root
Match User *,!root
    # %h expands to the user's home directory
    ChrootDirectory %h
    # SFTP only, with umask 0022 for uploaded files
    ForceCommand internal-sftp -u 0022
    AllowTcpForwarding no
```

Now I want to add a Virtual User (no new Linux user or group if not needed) where the sftp root folder is e.g. `/var/www/site1/folder1` for a sftp user e.g. site1_folder1. This user should be a child of the user site1 and use the same UID and GID but only have access to his subdirectory.

How do I have to change my configuration, and where can I add Virtual User?

I need this on Ubuntu 16.04 LTS, LAMP Server
-
Gregory about 6 years
OpenSSH uses PAM (sshd_config file directive UsePAM). You just need to learn how to set up pam-libpsql with it, which should be an hour or so. So yes, you can have virtual users, but you will probably need to add a UID/GUID field in your DB for every user. If what HellionWisp said was true, you could never set up LDAP or any external form of Authentication/Authorization. Take a look at /etc/pam.d/sshd, but I would not recommend messing with it on a remote host; test it in a local VM first! You can actually look for SSH ldap auth for hints!
-
Webdesigner over 6 years
But I need the same UID and GID ... I know this is possible somehow... one Webprovider does it but I don't know how...
-
Bachsau over 5 years
SFTP ≠ FTPS !!! ProFTPd is an FTP server that also supports FTPS, which is FTP over TLS. SFTP, on the other hand, is a method of transferring files over an SSH connection that has nothing in common with traditional FTP.
-
dominz88 over 5 years
ProFTPd is an FTP server, but it also supports SFTP connections: proftpd.org/docs/contrib/mod_sftp.html
-
Bachsau over 5 years
Sorry, I didn't know about that feature of ProFTPd, so I thought you just mixed this up. However, I will leave my comment anyway, so that others might get the hint.
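
The mapping described in the answer at the top of the page (a virtual SFTP user that shares a real user's uid and gid), sketched as a ProFTPD mod_sftp configuration. This is an added example, not configuration from the original post or from the ProFTPD project. The numeric uid/gid 1001 for site1, port 2222, the file paths and the password hash placeholder are assumptions.

```apache
# /etc/proftpd/conf.d/sftp-virtual.conf  (file name is an assumption)
#
# The virtual user lives only in the AuthUserFile, never in /etc/passwd.
# Its entry uses passwd(5) layout:  name:hash:uid:gid:gecos:home:shell
# Assumed entry for this page's example user (1001 = uid/gid of site1):
#
#   site1_folder1:<crypt-hash-placeholder>:1001:1001::/var/www/site1/folder1:/bin/false
#
# One way to create it is ProFTPD's ftpasswd helper:
#
#   ftpasswd --passwd --file=/etc/proftpd/sftp.passwd \
#            --name=site1_folder1 --uid=1001 --gid=1001 \
#            --home=/var/www/site1/folder1 --shell=/bin/false

<IfModule mod_sftp.c>
  <VirtualHost 0.0.0.0>
    SFTPEngine        on
    # sshd already owns port 22, so the SFTP listener needs its own port
    Port              2222
    SFTPLog           /var/log/proftpd/sftp.log
    SFTPHostKey       /etc/ssh/ssh_host_rsa_key
    SFTPAuthMethods   password

    # Authenticate against the virtual user file only, so system
    # accounts (site1, site2, root) cannot log in through this listener
    AuthOrder         mod_auth_file.c
    AuthUserFile      /etc/proftpd/sftp.passwd

    # Virtual users have /bin/false as shell; do not require a real one
    RequireValidShell off

    # Chroot every session to the home directory from the AuthUserFile,
    # i.e. /var/www/site1/folder1 for site1_folder1
    DefaultRoot       ~

    # Same umask as the sshd setup in the question
    Umask             0022
  </VirtualHost>
</IfModule>
```

Because site1_folder1 runs with the same uid and gid as site1, file permissions do not separate the two accounts; the chroot set by DefaultRoot is the only boundary. Keep the AuthUserFile unreadable to other local users, since it holds the password hashes.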