System administration
gjf, 2013-05-21 23:35:24

Setting up access for SFTP/OpenSSH and Samba under Ubuntu?

Hello.
The task is this.
There is an Ubuntu 12.04 LTS system on which I need to create a folder that everyone on the local network can write to. The clients are Windows. Obviously, this needs to be done with Samba.
It is also necessary to provide remote access to this folder via SFTP.
Implemented like this:
1. Set up SFTP as described here: solderintheveins.co.uk/2011/03/ubuntu-sftp-only-ac...
Small change:
Subsystem sftp internal-sftp -u 0000
2. In the /home/intdon/Share folder (owner mitya, group sftponly) a Stuff folder with various files has been created (owner grisha, group administrator, rights rwxrwxrwx).
3. Set up Samba; the share in smb.conf is:
...
[Share]
path = /home/mitya/Share
writeable = yes
guest ok = yes
create mask = 0000
directory mask = 0000
With the umask, I deliberately want to give rwxrwxrwx so as not to fool around with SFTP and Samba access rights. Access rights on the local network are not critical, let them write and do what they want; remote access will be limited by authorization via SFTP, so there seems to be no security hole.
The problem is the following: I have not tested Samba yet (I am working remotely), but SFTP stubbornly ignores -u 0000, and rights are set to the defaults. As a result, I have an obvious problem: files and folders created remotely cannot be edited or deleted from the local network.
What is wrong and where should I dig? The sshd version and the man page say that the -u option is supported...
WHAT???
Upd: Looks like a sample solution has been found: sysadmin.circularvale.com/server-config/setting-a-...
The problem is different: directories after this approach have the necessary rights (rwxrwxrwx), but files do not (rw-rw-rw-).

2 answer(s)
microphone, 2013-05-22
@microphone

In my opinion, rwxrwxrwx = 777. I don't understand why you forbid (0000) writing and reading to the owner, the group and everyone, especially on a share on the local network.
As the simplest option, you can use cron to run "chmod" and "chown" on the folder.

unwrecker, 2013-05-22
@unwrecker

I use this Subsystem in sshd_config:

Subsystem sftp /bin/sh -c 'umask 0002; exec /usr/lib/openssh/sftp-server'
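
An added example, not part of any post in this thread: a Python sketch that creates a file and a directory under different umasks and reads back the resulting modes. It assumes the SFTP client requests mode 0666 for files and 0777 for directories; since a umask only clears bits, this reproduces the rw-rw-rw- files and rwxrwxrwx directories from the update above. The `samba_masked` helper and its sample modes are constructed for illustration and model the bitwise AND that smb.conf(5) documents for `create mask` and `directory mask`.

```python
import os
import stat
import tempfile


def created_modes(umask):
    """Create a file (requested 0666) and a directory (requested 0777) under
    the given umask and return their permission bits as (file, directory)."""
    old = os.umask(umask)
    try:
        with tempfile.TemporaryDirectory() as tmp:
            f = os.path.join(tmp, "upload.txt")  # constructed sample names
            d = os.path.join(tmp, "newdir")
            # Assumption: the client asks for 0666; the kernel removes umask bits.
            os.close(os.open(f, os.O_CREAT | os.O_WRONLY, 0o666))
            os.mkdir(d, 0o777)
            return (stat.S_IMODE(os.stat(f).st_mode),
                    stat.S_IMODE(os.stat(d).st_mode))
    finally:
        os.umask(old)  # always restore the caller's umask


def samba_masked(requested, mask, force=0):
    """Model of smb.conf 'create mask' / 'directory mask': the requested mode
    is ANDed with the mask (bits NOT set in the mask are removed), then ORed
    with the matching 'force ... mode'. This is the opposite sense of a umask."""
    return (requested & mask) | force


if __name__ == "__main__":
    for um in (0o000, 0o002, 0o022):
        fmode, dmode = created_modes(um)
        print(f"umask {um:04o}: file {fmode:04o}  dir {dmode:04o}")
    # Constructed requested modes, run through mask values as used in [Share].
    for mask in (0o000, 0o664, 0o775):
        print(f"mask  {mask:04o}: file {samba_masked(0o666, mask):04o}  "
              f"dir {samba_masked(0o777, mask):04o}")
```

With umask 0002 and a shared group on the directory, files stay group-writable without being world-writable.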
