DSM-G600, DNS-3xx and NSA-220 Hack Forum

Unfortunately no one can be told what fun_plug is - you have to see it for yourself.

You are not logged in.

Announcement

#1 2009-02-12 05:51:43

fella5
New member
Registered: 2009-02-12
Posts: 3

SFTP - Users can access everything

After installing fun_plug, I started to notice that users who I specify only to acertain folder can click the parent directory and access everything on my DNS-323.  I also notice when I sftp to the box that the directory that shows is mnt/HD_a2/ and not volume_1. 

When I do a normal FTP, everything works correctly..... So I'm guessing that the DNS-323 GUI only works with FTP Access and not SFTP.  Is there commands that I need to run on the box to prevent users from being able to access other folder when they SFTP?

My DNS-323 is running 1.06

I did look at this post but not really understanding what to do... So basically I could use the gui for ftp, but have to create users in the command line?

http://dns323.kood.org/forum/t3013-sFTP%2C-restrict-(root)%2C-restrict-directory%2C.html

Thanks!

Last edited by fella5 (2009-02-12 06:06:08)

Offline

 

#2 2009-02-12 12:32:35

RunaR
Member
Registered: 2008-08-14
Posts: 49

Re: SFTP - Users can access everything

FTP is managed through the web interface. SFTP is a part of openssh. Without extra configuration, users will have access to everything. The thread you are referring to contains the information to setup SFTP, so users can only access a certain directory. Just read this post and the following ones very carefully: http://dns323.kood.org/forum/p25752-200 … tml#p25752

Last edited by RunaR (2009-02-12 12:33:55)

Offline

 

#3 2009-02-13 03:48:29

fella5
New member
Registered: 2009-02-12
Posts: 3

Re: SFTP - Users can access everything

This is what I did:

I created a group named sftpuser from the GUI
I ssh to the box and entered the following:
  adduser -G sftpuser -s /bin/false berbee
I entered store-passwd.sh

I noticed that in the gui, the username was not in the sftpuser group!  Should I put the user berbee into the sftpuser group from the GUI?????

I did a cd /ffp/etc/ssh/
Then vi sshd-config

I added this to the end of the file:
Match group sftpuser                                                           
         ChrootDirectory /mnt/sftp                                             
         X11Forwarding no                                                     
         AllowTcpForwarding no                                                 
         ForceCommand internal-sftp

I also ran this and put it in my fun_plug

mkdir /mnt/sftp
mount --bind /mnt/HD_a2/sftp /mnt/sftp
chmod 755 /mnt/sftp

Reboot the box and use WinSCP sftp and get this:

Error skipping startup message. Your shell is probably incompatible with the application (BASH is recommended).

Last edited by fella5 (2009-02-13 05:35:12)


Attachments:
Attachment Icon DNS-323.txt, Size: 4,620 bytes, Downloads: 278

Offline

 

#4 2009-02-13 11:03:56

RunaR
Member
Registered: 2008-08-14
Posts: 49

Re: SFTP - Users can access everything

You could try to install bash http://www.inreto.de/dns323/fun-plug/0. … .html#bash
All the other things look OK to me.

Offline

 

#5 2009-02-14 03:52:40

fella5
New member
Registered: 2009-02-12
Posts: 3

Re: SFTP - Users can access everything

RunaR,

I downloaded bash, but how do you go about installing it.

I did the following but still get an error when I use WinSCP with the username berbee

    cd /mnt/HD_a2
    rsync -av inreto.de::dns323/fun-plug/0.5/packages .
    cd packages
    funpkg -i *.tgz

Thanks

Last edited by fella5 (2009-02-14 04:33:25)

Offline

 

Board footer

Powered by PunBB
© Copyright 2002–2010 PunBB