
SFTP users won't be able to connect if set fstab file_mode, dir_mode other than 0755


I'm setting up an SFTP server on an Azure VM running Ubuntu Server 20.04. I'm not using local disks to store SFTP files but instead use Azure File Share and mount it via SMB 3.1.1 in fstab.

This is my fstab config

//mystorage.file.core.windows.net/sftp-storage /mount/mystorage/sftp-storage cifs nofail,credentials=/etc/smbcredentials/sftpstorage.cred,serverino,gid=1002,file_mode=0755,dir_mode=0755 0 0

Inside Azure File Share, there are many folders for each SFTP user. E.g. user1, user2 where both users are put in the same secondary group called sftpusers with gid=1002

This is when I run id user1

uid=1001(user1) gid=1001(user1) groups=1001(user1),1002(sftpusers)

This is when I run id user2

uid=1002(user2) gid=1003(user2) groups=1003(user2),1002(sftpusers)

This is the bottom of my /etc/ssh/sshd_config file

Match User user1
    ForceCommand internal-sftp
    PasswordAuthentication yes
    ChrootDirectory /mount/mystorage/sftp-storage/user1
    PermitTunnel no
    AllowAgentForwarding no
    AllowTcpForwarding no
    X11Forwarding no

Match User user2
    ForceCommand internal-sftp
    PasswordAuthentication yes
    ChrootDirectory /mount/mystorage/sftp-storage/user2
    PermitTunnel no
    AllowAgentForwarding no
    AllowTcpForwarding no
    X11Forwarding no

With the above configs, both users are able to connect and are chrooted to their own directories. However, neither of them is able to upload files or create a directory. FileZilla would say "permission denied". Only downloading can be done.

I then thought that this was caused by file_mode=0755,dir_mode=0755 in the fstab config, so I changed it to file_mode=0775,dir_mode=0775. I unmounted and re-mounted it, but this time none of the users were able to connect. I found this thread which seems very similar to my problem and tried the workaround, but it didn't work for me. Still can't connect.

I also tried file_mode=0777,dir_mode=0777 but that didn't work either. The only permission that would allow users to connect is 0755.

When I run ls -l /mount/mystorage/sftp-storage/ this is what I get

drwxr-xr-x 2 root sftpusers 0 Sep 21 12:01 user1
drwxr-xr-x 2 root sftpusers 0 Sep 21 12:01 user2

Please guide me on how to make this work. Here is what I am trying to achieve:

  • Having multiple SFTP users chrooted to their own directories
  • All SFTP users must be able to read, write, delete files and create, delete directories (under their own dir)
  • Have configs that are easy to maintain and easy to add more users in the future

I suspect that this is caused by a permission misconfiguration somewhere.

Any suggestions are welcome, thanks.
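
An added example, not part of the original post: sshd_config(5) requires every component of a ChrootDirectory path to be root-owned and not writable by group or others, and the Python below applies that rule to the three dir_mode values tried in the question. It assumes the share reports no ownership of its own, so every directory on the mount shows the uid= (root when absent) and dir_mode= mount options; the function names are hypothetical.

```python
import stat

# fstab options from the question (credentials= left out; it is not used here).
PAGE_OPTS = "nofail,serverino,gid=1002,file_mode=0755,dir_mode=0755"

def parse_cifs_options(opts):
    """Split a CIFS option string into a dict; bare flags map to True."""
    parsed = {}
    for item in opts.split(","):
        key, sep, value = item.partition("=")
        parsed[key.strip()] = value.strip() if sep else True
    return parsed

def chroot_dir_problems(uid, mode):
    """sshd_config(5): every ChrootDirectory path component must be
    root-owned and not writable by any other user or group."""
    problems = []
    if uid != 0:
        problems.append("owner is uid %d, not root" % uid)
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("mode %04o is group- or world-writable" % mode)
    return problems

def evaluate_mount(opts):
    """Return (sshd_accepts_chroot, group_member_can_write, problems).

    Assumption: the share reports no ownership of its own, so every
    directory on the mount shows the uid= and dir_mode= mount options.
    """
    o = parse_cifs_options(opts)
    uid = int(o.get("uid", 0))                # numeric uid only; assumed default root
    mode = int(o.get("dir_mode", "0755"), 8)  # assumed default 0755
    problems = chroot_dir_problems(uid, mode)
    # user1/user2 are not the owner; they match the mount's gid=1002
    # (sftpusers), so the group permission bits decide write access.
    can_write = bool(mode & stat.S_IWGRP)
    return (not problems, can_write, problems)

if __name__ == "__main__":
    for dir_mode in ("0755", "0775", "0777"):  # the three values tried in the post
        opts = PAGE_OPTS.replace("dir_mode=0755", "dir_mode=" + dir_mode)
        ok, writable, problems = evaluate_mount(opts)
        print(dir_mode, "chroot accepted:", ok, "| upload possible:", writable,
              "|", "; ".join(problems) or "no sshd objection")
```

For each value the two results are opposites: one dir_mode applied to every directory on the mount cannot both satisfy sshd's chroot check and give a group member write access.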
