OpenSSH SFTP: chrooted user with access to other chrooted users' files

Posted by HannesFostie on Server Fault See other posts from Server Fault or by HannesFostie
Published on 2010-05-04T13:17:15Z Indexed on 2010/05/07 7:48 UTC
Read the original article Hit count: 306

Filed under:

openssh

|

sftp

|

file-permissions

Decided to re-phrase the question entirely in order to not have to make a new one.

I currently have an SFTP server set up using OpenSSH's SFTP functionality. All my users are chrooted, and everything works.

What I need most right now is for one user, which is not root (because this user can't have any real SSH powers!), to have access to all other users' chrooted dirs. This user's job is to fetch all uploaded documents every once in a while.

Directory structure as of now is:

/home |_ /home/user1 |_ /home/user2 |_ /home/user3

With ChrootDirectory set as /home/%u

User "adminuser" should have access to user1, user2 and user3's directories without having access to /home or at the very least not to anything but /home.

Bonus points for the one who can tell me how to let users write inside /home/%u without having to make a new directory inside that dir which they own themselves, and not root as is the case with /home/%u (openssh chroot prerequisite).

© Server Fault or respective owner

Related posts about openssh

OpenSSH 5.9p1 on Ubuntu 11.10

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I want to build a deb package with the latest version of openssh from source. Then I want to install it on my machine. I am running: Linux Ubuntu-1110-oneiric-64-minimal 3.0.0-12-server #20-Ubuntu SMP Fri Oct 7 16:36:30 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux To achieve my goal I do: wget ftp://ftp… >>> More
SSH is not working .. Password promt is not coming

as seen on Server Fault - Search for 'Server Fault'
I am not able to SSH into my ubuntu server since yesterday. I am not using any keyless or public key method.. Its simple SSH with username and password everytime.. However I can do a VNC session running on my ubuntu server.. But I am afraid that if the vnc session goes out, I wont be having any… >>> More
Basic proxy with OpenSSH, Cygwin, Putty

as seen on Server Fault - Search for 'Server Fault'
I know this is probably a common question, but after looking around for a few hours (on this site and others), I can't find a solution. I'm trying to set up a simple proxy. I already have a server running Windows Server 2008. I've installed Cygwin and have OpenSSH installed. I also have sshd (the… >>> More
Chroot with CentOS 5.3 + openssh 4.3p2

as seen on Server Fault - Search for 'Server Fault'
OS: CentOS 5.3, with openssh 4.3p2 Trying to set 'chroot' in ssh shell, but openssh version prior to 4.8 doesn't take below settings. yum update openssh open up to version 4.3 which is quite old. Doesn't CentOS support openssh 4.8 or up? If that's the case, how to set chroot with openssh 4.3? or… >>> More
OpenSSH SFTP server with chroot()

as seen on Server Fault - Search for 'Server Fault'
I am currently setting up an SFTP server but there is one detail I can't seem to figure out. When I add a user, I would like him to connect using his client and be able to write in his "root dir" right away. My Match case for the SFTP-users group currently has ChrootDirectory set as "/home/%u",… >>> More

Related posts about sftp

Need a non-GUI SFTP tool better than "sftp"

as seen on Super User - Search for 'Super User'
'sftp' is seriously lacking relative to, say, ncftp: it has no command memory, no Tab-completion of file names, and so on. Is there a non-GUI tool for SFTP that people recommend? >>> More
Need a non-GUI SFTP tool better than "sftp"

as seen on Server Fault - Search for 'Server Fault'
'sftp' is seriously lacking relative to, say, ncftp: it has no command memory, no Tab-completion of file names, and so on. Is there a non-GUI tool for SFTP that people recommend? >>> More
SFTP jail & Keeping file ownership the same / File owner per folder

as seen on Server Fault - Search for 'Server Fault'
I want to setup a jailed SFTP account for a subfolder of another user's home folder, but want the owner of everything in that subfolder to stay the same, including new files and folders uploaded and created by the sftp user, while still allowing access to the files and folders of that subfolder as… >>> More
Enabling SFTP Access within PLESK

as seen on Server Fault - Search for 'Server Fault'
Hello everyone, I have a client who wants to ensure his upload is secure, so we are trying to enable SFTP for him on our Linux PLESK server. I have enabled SSH access to bin/bash for FTP accounts, and created a new user. When I attempt to SFTP using either the IP address or the domain name, this… >>> More
Free solution to backup folders to external SFTP server with shadow copy

as seen on Super User - Search for 'Super User'
I have an account in university on Linux machine with 10TB of free space accessible via SFTP. I would like to backup my Windows 7 x64 laptop to university. Currently I am using rsync+cygwin, but backup is pretty slow (without shadow copy) and I hate console window appearing every day on my screen… >>> More