DSM-G600, DNS-3xx and NSA-220 Hack Forum

Unfortunately no one can be told what fun_plug is - you have to see it for yourself.


#1 2009-02-12 05:51:43

fella5
New member
Registered: 2009-02-12
Posts: 3

SFTP - Users can access everything

After installing fun_plug, I started to notice that users who I specify only to a certain folder can click the parent directory and access everything on my DNS-323. I also notice when I sftp to the box that the directory that shows is mnt/HD_a2/ and not volume_1.

When I do a normal FTP, everything works correctly... So I'm guessing that the DNS-323 GUI only works with FTP access and not SFTP. Are there commands that I need to run on the box to prevent users from being able to access other folders when they SFTP?

My DNS-323 is running 1.06

I did look at this post but I don't really understand what to do... So basically I could use the GUI for FTP, but have to create users in the command line?

http://dns323.kood.org/forum/t3013-sFTP%2C-restrict-(root)%2C-restrict-directory%2C.html

Thanks!

Last edited by fella5 (2009-02-12 06:06:08)


#2 2009-02-12 12:32:35

RunaR
Member
Registered: 2008-08-14
Posts: 49

Re: SFTP - Users can access everything

FTP is managed through the web interface. SFTP is a part of openssh. Without extra configuration, users will have access to everything. The thread you are referring to contains the information to set up SFTP, so users can only access a certain directory. Just read this post and the following ones very carefully: http://dns323.kood.org/forum/p25752-200 … tml#p25752

Last edited by RunaR (2009-02-12 12:33:55)


#3 2009-02-13 03:48:29

fella5
New member
Registered: 2009-02-12
Posts: 3

Re: SFTP - Users can access everything

This is what I did:

I created a group named sftpuser from the GUI
I ssh to the box and entered the following:
  adduser -G sftpuser -s /bin/false berbee
I entered store-passwd.sh

I noticed that in the GUI, the username was not in the sftpuser group! Should I put the user berbee into the sftpuser group from the GUI?

I did a cd /ffp/etc/ssh/
Then vi sshd-config

I added this to the end of the file:
    Match group sftpuser
             ChrootDirectory /mnt/sftp
             X11Forwarding no
             AllowTcpForwarding no
             ForceCommand internal-sftp

I also ran this and put it in my fun_plug:

    mkdir /mnt/sftp
    mount --bind /mnt/HD_a2/sftp /mnt/sftp
    chmod 755 /mnt/sftp

I rebooted the box, used WinSCP sftp, and got this:

Error skipping startup message. Your shell is probably incompatible with the application (BASH is recommended).

Last edited by fella5 (2009-02-13 05:35:12)

Attachments:
DNS-323.txt, Size: 4,620 bytes, Downloads: 273
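
Added example (not from any poster in this thread): POSIX sh functions that check the three things the Match block in post #3 depends on, namely the settings sshd sees for the group, whether the user is actually in that group (as primary or supplementary group), and whether every component of the ChrootDirectory path is a root-owned directory that is not group- or other-writable. Function names are made up for this example and all file paths are passed as arguments.

```shell
#!/bin/sh
# Added example; pass copies of the files as arguments to test offline.

# Print the settings inside "Match group <grp>", whitespace-normalized.
# Handles the single-group form used above, not multi-criteria Match lines.
match_settings() {  # $1 = sshd config file, $2 = group name
    awk -v g="$2" '
        tolower($1) == "match" { inblk = (tolower($2) == "group" && $3 == g); next }
        inblk && NF && $1 !~ /^#/ { $1 = $1; print }
    ' "$1"
}

# Succeed if user $1 is in group $2, as primary group (gid field in the passwd
# file) or as a listed member in the group file. sshd's Match accepts either.
user_in_group() {  # $1 = user, $2 = group, $3 = passwd file, $4 = group file
    gid=$(awk -F: -v g="$2" '$1 == g { print $3 }' "$4")
    [ -n "$gid" ] || return 1
    awk -F: -v u="$1" -v gid="$gid" \
        '$1 == u && $4 == gid { f = 1 } END { exit !f }' "$3" && return 0
    awk -F: -v u="$1" -v g="$2" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) f = 1 }
        END { exit !f }' "$4"
}

# Succeed if one "ls -ld" line shows a root-owned directory with no group or
# other write bit; sshd requires this of every component of ChrootDirectory.
chroot_component_ok() {  # $1 = one line of ls -ld output
    set -- $1
    case "$1" in d????-??-*) ;; *) return 1 ;; esac
    [ "$3" = root ]
}

# Walk from the chroot directory up to / and report the first bad component.
chroot_path_ok() {  # $1 = absolute ChrootDirectory path
    p=$1
    while :; do
        chroot_component_ok "$(ls -ld "$p")" || { echo "bad: $p" >&2; return 1; }
        [ "$p" = / ] && return 0
        p=$(dirname "$p")
    done
}
```

On the box, point the first two functions at the live sshd config, /etc/passwd and /etc/group, and run chroot_path_ok /mnt/sftp as root.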


#4 2009-02-13 11:03:56

RunaR
Member
Registered: 2008-08-14
Posts: 49

Re: SFTP - Users can access everything

You could try to install bash http://www.inreto.de/dns323/fun-plug/0. … .html#bash
All the other things look OK to me.


#5 2009-02-14 03:52:40

fella5
New member
Registered: 2009-02-12
Posts: 3

Re: SFTP - Users can access everything

RunaR,

I downloaded bash, but how do you go about installing it?

I did the following but still get an error when I use WinSCP with the username berbee:

    cd /mnt/HD_a2
    rsync -av inreto.de::dns323/fun-plug/0.5/packages .
    cd packages
    funpkg -i *.tgz

Thanks

Last edited by fella5 (2009-02-14 04:33:25)
