sftp user as superuser

Alfredo De Luca alfredo.deluca at gmail.com
Thu Jun 21 15:22:58 UTC 2018

Thanks Karl.
I'll try that... anyway it's not wrong as all the users upload stuff
online ...and this user (a sort of back office user) needs to move stuff

That's all.

Thanks and I'll give it a try soon


On Thu, Jun 21, 2018 at 3:38 PM Karl Auer <kauer at biplane.com.au> wrote:

> On Thu, 2018-06-21 at 14:38 +0200, Alfredo De Luca wrote:
> > We have an sftp server with many users (sftp only) chrooted on their
> > directory. Those users are connected to an IDM (freeIPA).
> Sounds normal.
> > All ok except one of those users needs full access (rwx) on all the
> > other users' home directory.
> My immediate reaction is "no, they don't". I am struggling to see why
> this would ever be the case. That said, however:
> > We tried with setfacl but I wasn't able to do what I wanna do...as
> > there are other users (local) who need ssh access and the setfacl breaks
> > the .ssh/authorized_keys.
> Do you REALLY want to give this special user open access to everything
> in people's home directories? It sounds wrong.
> > Any idea/clue how to do this?
> Yes - don't do it.
> If you must do it, then create a special group, change the group
> ownership to that group for just the directories and files you need
> this user to access (i.e. NOT ~/.ssh), and put just this special user
> in your special group. Set the setgid bit on all directories the
> special user requires access to, so that new files will get the same
> ownership as the directory. You may need a script to do this if the
> number of users is more than a few. You will have to make the special
> user's chroot directory the /home directory or higher.
> Then email all users to warn them that this user can see, edit and even
> delete anything they put in their home directories.
> Regards, K.
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Karl Auer (kauer at biplane.com.au)
> http://www.biplane.com.au/kauer
> http://twitter.com/kauer389
> GPG fingerprint: A0CD 28F0 10BE FC21 C57C 67C1 19A6 83A4 9B0B 1D75
> Old fingerprint: A52E F6B9 708B 51C4 85E6 1634 0571 ADF9 3C1C 6A3A
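Added example, not part of the thread: the group-ownership and setgid procedure from Karl's reply written as a POSIX shell function, with `~/.ssh` pruned so key files keep their owner and mode. The function names, the `backoffice` group name, the sample tree and the choice to keep each home's top level non-group-writable (sshd's StrictModes refuses keys under a group-writable home) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). Names and layout are assumptions.

# share_homes BASE GROUP
# Give GROUP access to each home under BASE, leaving ~/.ssh untouched.
# Run as root on the real tree, e.g. (hypothetical group name):
#   share_homes /home backoffice
share_homes() {
    base=$1 group=$2
    for home in "$base"/*/; do
        [ -d "$home" ] || continue
        home=${home%/}
        # Top level: group may enter and list only. sshd StrictModes refuses
        # authorized_keys when the home directory is group-writable.
        chgrp "$group" "$home" && chmod g+rx,g-w "$home" || return 1
        # Directories below, pruning .ssh: group rwx plus setgid so new
        # files inherit the directory's group.
        find "$home" -path "$home/.ssh" -prune -o ! -path "$home" -type d \
            -exec chgrp "$group" {} + -exec chmod g+rwxs {} + || return 1
        # Regular files below, pruning .ssh: group read/write.
        find "$home" -path "$home/.ssh" -prune -o -type f \
            -exec chgrp "$group" {} + -exec chmod g+rw {} + || return 1
    done
}

# mode_of PATH: the ten-character mode string reported by ls
mode_of() { ls -ld "$1" | cut -c1-10; }

# make_sample_tree: constructed layout for trying share_homes without root.
# Runs in a subshell so the umask change does not leak to the caller.
make_sample_tree() (
    umask 022
    t=$(mktemp -d) || exit 1
    mkdir -p "$t/alice/.ssh" "$t/alice/uploads/2018" "$t/bob/uploads"
    echo 'ssh-ed25519 AAAA-constructed-key alice' > "$t/alice/.ssh/authorized_keys"
    echo 'constructed data' > "$t/alice/uploads/2018/report.csv"
    chmod 700 "$t/alice/.ssh"
    chmod 600 "$t/alice/.ssh/authorized_keys"
    echo "$t"
)
```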