Please little help on ssh 2nd user setup

Status
Not open for further replies.

idd

Cadet
Joined
Sep 22, 2011
Messages
7
Can someone please help me in setting up a second user on ssh?
This is what I have done so far:

User ID 1002
Username tom
Primary Group ID Operater
Home Directory /mnt/HD1
Shell sh
Full Name tom
E-mail
Disable logins


My question is: how can I stop him seeing the root directory? All I want him to do is access HD1 and nothing else. Please, if someone can shed some light, it's driving me crazy.

Thank you

idd4
 

ProtoSD

MVP
Joined
Jul 1, 2011
Messages
3,348
Don't put him in the group "operator", make another group or assign him to the group that you have set the /mnt/HD1 directory to, as long as that group doesn't also have access to the root directory.
 

idd

Cadet
Joined
Sep 22, 2011
Messages
7
Don't put him in the group "operator", make another group or assign him to the group that you have set the /mnt/HD1 directory to, as long as that group doesn't also have access to the root directory.

Thank you for the quick reply. Should I select group "tom", or what would you suggest?
 

Durkatlon

Patron
Joined
Aug 19, 2011
Messages
414
This is probably not possible. You want this user to login via ssh, therefore he needs to see the root directory, or more specifically some of the subdirectories underneath. Otherwise the user could not load his shell or execute any commands.

The proper way to restrict access to a user in such a scenario might be to put him in a "chroot jail". I don't know if anyone has tried to do this on FreeNAS8. It certainly isn't supported out of the box.
 

ProtoSD

MVP
Joined
Jul 1, 2011
Messages
3,348
This is probably not possible. You want this user to login via ssh, therefore he needs to see the root directory, or more specifically some of the subdirectories underneath. Otherwise the user could not load his shell or execute any commands.

Durk, I understand what you are suggesting, but with the proper permissions it is completely possible.

@idd, if you are in the 'HD1' directory, do an 'ls -ld .'; this will show you the owner and group of that directory. Try adding Tom to that group and see if that helps. As Durk suggested, the parent directory permissions can make a difference. You would also need to do an 'ls -ld /mnt' to see what the owner/group is and make sure the group of /mnt is not the same as 'HD1'.

Durk, maybe at some point you & I could put together a video(s) about permissions since it seems to be a recurring topic that a lot of people don't understand. I would actually be surprised if there wasn't something on YouTube already.
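
The comparison described in the last reply ('ls -ld' on the share and on its parent), written out as a script. This is an added example and not part of any post in the thread; the function names are hypothetical, and besides the same-group comparison it also reports the "other" permission bits, which decide what users outside the group can do.

```shell
#!/bin/sh
# Added example: read the fields 'ls -ld' shows for a share and its parent.
# Function names are hypothetical; /mnt/HD1 is the path used in the thread.

# Print "mode owner group" for a directory, taken from 'ls -ld'.
# substr() drops a trailing ACL marker such as '+' from the mode string.
dir_info() {
    ls -ld -- "$1" | awk '{ print substr($1, 1, 10), $3, $4 }'
}

dir_group()   { dir_info "$1" | awk '{ print $3 }'; }
# Triplets from the mode string (drwxrwxrwx): group = chars 5-7, other = 8-10.
group_perms() { dir_info "$1" | awk '{ print substr($1, 5, 3) }'; }
other_perms() { dir_info "$1" | awk '{ print substr($1, 8, 3) }'; }

# Compare a share with its parent. Returns 0 when nothing is flagged, else 1.
audit_share() {
    share=$1
    parent=$(dirname -- "$share")
    flagged=0
    echo "share : $(dir_info "$share")  $share"
    echo "parent: $(dir_info "$parent")  $parent"
    if [ "$(dir_group "$share")" = "$(dir_group "$parent")" ]; then
        echo "NOTE: share and parent have the same group"
        flagged=1
    fi
    case "$(group_perms "$parent")$(other_perms "$parent")" in
        *w*) echo "NOTE: parent is writable by group or other"; flagged=1 ;;
    esac
    case "$(other_perms "$share")" in
        ---|--T) ;;
        *) echo "NOTE: share is accessible to users outside its group"; flagged=1 ;;
    esac
    return "$flagged"
}

# Usage: sh audit.sh /mnt/HD1
if [ "$#" -gt 0 ]; then audit_share "$1"; fi
```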
 