Score:1

sudoers.d: Allow user to not need password for sftp only


In WinSCP, I want to be able to have sudo access. In WinSCP, Advanced > SFTP > SFTP Server: `sudo su -c /usr/lib/openssh/sftp-server`

In Ubuntu 22.04.1:

`echo "user1 ALL=(ALL) NOPASSWD: ALL" | sudo tee "/etc/sudoers.d/user1-user"`

I successfully have sudo access in WinSCP.

But I don't want to permit no password for everything. Just sftp-server. So I changed ALL to /usr/lib/openssh/sftp-server:

`user1 ALL=(ALL) NOPASSWD: /usr/lib/openssh/sftp-server`

In WinSCP, I get the error:

Cannot initialize SFTP protocol. Is the host running an SFTP server?

Why? Is this a problem with my syntax in Ubuntu? Or a problem with WinSCP or my settings within WinSCP?

sftp-server is found in /usr/lib/openssh/

pasman pasmański:
Try `user1 ALL=(ALL) NOPASSWD: /usr/bin/su -c /usr/lib/openssh/sftp-server`
threehappypenguins:
pasman pasmański, it worked. Thank you!
Score:1

I had previously tried `user1 ALL=(ALL) NOPASSWD: su -c /usr/lib/openssh/sftp-server` but it didn't work. Of course it didn't work. I forgot that I need the full path for su, which is `/usr/bin/su`. Thanks pasman pasmański!

The correct way of restricting passwordless sudo for sftp is the following:

`user1 ALL=(ALL) NOPASSWD: /usr/bin/su -c /usr/lib/openssh/sftp-server`
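
Why the first rule in this thread failed and the second works, as an added example (not code from the thread): a simplified Python model of how sudo matches the command it is asked to run against a sudoers command spec. The `RESOLVED` lookup table and the function names are assumptions of this sketch; path wildcards, aliases and digests are not modelled.

```python
import fnmatch
import shlex

# Assumption: stands in for sudo's PATH/secure_path lookup of bare command names.
RESOLVED = {"su": "/usr/bin/su"}

def parse_cmnd(spec):
    """Split a sudoers command spec into (path, args); args=None means any arguments."""
    if spec == "ALL":
        return "ALL", None
    path, *args = shlex.split(spec)
    if not path.startswith("/"):
        raise ValueError(f"sudoers commands need a fully qualified path: {path!r}")
    if not args:
        return path, None                 # no arguments listed: any arguments allowed
    return path, ([] if args == [""] else args)   # "" means: no arguments allowed

def allowed(spec, command_line):
    """True if `sudo <command_line>` matches the command spec of a sudoers rule."""
    name, *given = shlex.split(command_line)
    path = name if name.startswith("/") else RESOLVED.get(name, name)
    want_path, want_args = parse_cmnd(spec)
    if want_path == "ALL":
        return True
    if path != want_path:                 # sudo compares the program it executes itself
        return False
    if want_args is None:
        return True
    # Listed arguments must match the whole argument string (shell-style wildcards allowed).
    return fnmatch.fnmatchcase(" ".join(given), " ".join(want_args))

WINSCP = "su -c /usr/lib/openssh/sftp-server"   # what WinSCP runs after "sudo"
NARROW = "/usr/bin/su -c /usr/lib/openssh/sftp-server"

if __name__ == "__main__":
    checks = [
        ("/usr/lib/openssh/sftp-server", WINSCP),  # first attempt: program is su, no match
        (NARROW, WINSCP),                          # working rule: path and arguments match
        (NARROW, "su -"),                          # root shell is not covered
        (NARROW, "su -c /bin/bash"),               # other -c payloads are not covered
        ("/usr/bin/su", WINSCP),                   # no arguments listed: matches
        ("/usr/bin/su", "su -"),                   # ...and so does a root shell
    ]
    for spec, cmd in checks:
        print(f"{spec!r:50} sudo {cmd!r:40} -> {allowed(spec, cmd)}")
```

Even with the narrow rule, `sftp-server` running as root can read and write any file on the host, so the account still has root-equivalent file access without a password. Check the drop-in with `visudo -cf /etc/sudoers.d/user1-user` before relying on it.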