sftp user as superuser

Karl Auer kauer at biplane.com.au
Thu Jun 21 13:36:27 UTC 2018


On Thu, 2018-06-21 at 14:38 +0200, Alfredo De Luca wrote:
> We have an sftp server with many users (sftp only) chrooted on their
> directory. Those users are connected to an IDM (freeIPA).

Sounds normal.

> All ok except one of those users needs full access (rwx) on all the
> other users' home directories.

My immediate reaction is "no, they don't". I am struggling to see why
this would ever be the case. That said, however:

> We tried with setfacl but I wasn't able to do what I wanna do...as
> there are other users (local) who need ssh access and the setfacl breaks
> the .ssh/authorized_keys.

Do you REALLY want to give this special user open access to everything
in people's home directories? It sounds wrong.

> Any idea/clue how to do this?

Yes - don't do it.

If you must do it, then create a special group, change the group
ownership to that group for just the directories and files you need
this user to access (i.e. NOT ~/.ssh), and put just this special user
in your special group. Set the setgid bit on all directories the
special user requires access to, so that new files will get the same
ownership as the directory. You may need a script to do this if the
number of users is more than a few. You will have to make the special
user's chroot directory the /home directory or higher.

Then email all users to warn them that this user can see, edit and even
delete anything they put in their home directories.

Regards, K.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)
http://www.biplane.com.au/kauer
http://twitter.com/kauer389

GPG fingerprint: A0CD 28F0 10BE FC21 C57C 67C1 19A6 83A4 9B0B 1D75
Old fingerprint: A52E F6B9 708B 51C4 85E6 1634 0571 ADF9 3C1C 6A3A
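
The group-plus-setgid procedure described in the reply, as the kind of script it mentions for more than a few users. This is an added example, not part of the original message; the home root and group name are arguments supplied by the caller (assumptions), and the top-level home directory is deliberately left without group write because sshd's StrictModes refuses authorized_keys under a group-writable home.

```shell
#!/bin/sh
# Added example, not from the original message.
# Usage (as root): ./grant.sh HOME_ROOT GROUP
#   HOME_ROOT  directory holding the users' homes, e.g. /home   (assumption)
#   GROUP      group containing only the special user           (assumption)

grant_group_access() {
    home_root=$1
    group=$2

    for home in "$home_root"/*/; do
        [ -d "$home" ] || continue
        home=${home%/}

        # Top level: group may enter and list, and setgid makes new entries
        # inherit the group. No group write here, so sshd StrictModes still
        # accepts ~/.ssh/authorized_keys for users who log in over ssh.
        chgrp "$group" "$home" || return 1
        chmod g+rx,g+s "$home" || return 1

        # Directories below the home: rwx for the group plus setgid.
        # ~/.ssh is pruned, so its owner, group and mode are never touched.
        find "$home" -mindepth 1 -path "$home/.ssh" -prune -o \
            -type d -exec chgrp "$group" {} + -exec chmod g+rwxs {} + \
            || return 1

        # Regular files below the home: rw for the group.
        # Symlinks and special files are skipped on purpose.
        find "$home" -mindepth 1 -path "$home/.ssh" -prune -o \
            -type f -exec chgrp "$group" {} + -exec chmod g+rw {} + \
            || return 1
    done
}

# Run only when both arguments are given, so sourcing the file is harmless.
if [ "$#" -eq 2 ]; then
    grant_group_access "$1" "$2"
fi
```

Files a user creates later inherit the group through setgid, but their group permission bits still depend on that user's umask.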





