- The user can only operate under the document root. The document root is /var/www/html.
- Login is by password authentication. SSH shell login is not available; the account gets SFTP only.
useradd sftp-user
passwd sftp-user
usermod -d / sftp-user
usermod -g apache sftp-user
chown sftp-user:apache /home/sftp-user
Point: set the owning group to apache and the permission to 775, so that apache can read and write what sftp-user uploads without permission errors.
vim /etc/ssh/sshd_config
Changes:
#PasswordAuthentication no    (comment out)
#Subsystem sftp /usr/libexec/openssh/sftp-server    (comment out)
Subsystem sftp internal-sftp
Match User sftp-user
ChrootDirectory /var/www/sftp
ForceCommand internal-sftp -u 0002
PasswordAuthentication yes
Put the Match block at the end of the file: a Match block stays in effect until the next Match or the end of the file, so any global directive written after it would apply only to sftp-user.
Parameter | Description |
---|---|
Match | Restricts the directives that follow to the specified user or group (until the next Match or end of file) |
ChrootDirectory | Directory to chroot the session into; it and every parent must be owned by root and not writable by group or others |
ForceCommand | Command run regardless of what the client requested; here the in-process SFTP server with a umask |
PasswordAuthentication | Whether password authentication is allowed |
Note: the -u 0002 in ForceCommand internal-sftp -u 0002 sets the umask for everything sftp-user uploads, so the group gets write permission. Without it the default umask (022) gives new directories 755 and new files 644; with it they become 775 and 664, which is what lets apache, as the owning group, write to them.
Restart sshd after editing.
systemctl restart sshd
The first thing to keep in mind is the permission requirement on the directory given to ChrootDirectory: sshd accepts it only if the directory and every component of its path are owned by root and not writable by group or others. Otherwise the login fails and the log shows "bad ownership or modes for chroot directory".
Because of this restriction sftp-user cannot own the chroot itself, so the directory structure becomes the following.
var
└ www
  ├ html        (document root)
  └ sftp        (directory specified as chroot, root-owned)
    └ sftp-user (directory for delegating authority; the document root is bind-mounted here)
chown sftp-user:apache /var/www/html/
chmod 775 /var/www/html/
mkdir /var/www/sftp
chown root:root /var/www/sftp/
chmod 755 /var/www/sftp/
mkdir /var/www/sftp/sftp-user
chown sftp-user:apache /var/www/sftp/sftp-user
chmod 775 /var/www/sftp/sftp-user
If you skip the intermediate directory and place the document root directly at the chroot, the chroot must be root-owned and not group-writable, so only root could write to it and sftp-user could not upload anything.
mount -B /var/www/html /var/www/sftp/sftp-user
Option | Description |
---|---|
-B (--bind) | Bind-mount a directory at another location in the tree |
The contents of the document root now appear under /var/www/sftp/sftp-user/. Because both paths are the same directory, a file uploaded into one shows up in the other immediately.
The bind mount does not survive a reboot, so make it permanent in fstab.
vim /etc/fstab
Add the following line:
/var/www/html /var/www/sftp/sftp-user none bind 0 0
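The sshd_config and directory steps above are collected here as one script. It is an added example, not code from the original article: the pure functions check the ChrootDirectory ownership rule for each path component, show what modes a given umask produces, and render the Match block, while the setup function replays the article's commands idempotently and runs `sshd -t` before restarting. The user, group and paths are the article's (sftp-user, apache, /var/www/html, /var/www/sftp); the home directory of `/` (the chroot root) follows the article, and `--apply` as the trigger flag is this script's own convention.

```shell
#!/usr/bin/env bash
# Added example for the chrooted-SFTP setup described above (not from the article).
# The pure functions run anywhere; setup_sftp_chroot only runs with "--apply" as root.
set -u

SFTP_USER=sftp-user
WEB_GROUP=apache
DOCROOT=/var/www/html
CHROOT=/var/www/sftp
MOUNTPOINT="$CHROOT/$SFTP_USER"
UMASK=0002

# sshd accepts a ChrootDirectory only if it and every parent are owned by
# root and writable by nobody else. This is the rule for one path component.
component_ok() {            # $1 = numeric uid, $2 = octal mode (e.g. 755, 1777)
    [ "$1" = 0 ] && [ $(( 8#$2 & 8#022 )) -eq 0 ]
}

# Walk from the given directory up to / and apply component_ok to each one.
check_chroot_path() {
    local cur
    cur=$(readlink -f "$1") || return 1
    while :; do
        local uid mode
        uid=$(stat -c %u "$cur") && mode=$(stat -c %a "$cur") || return 1
        if ! component_ok "$uid" "$mode"; then
            echo "bad ownership or modes for chroot component: $cur (uid=$uid mode=$mode)" >&2
            return 1
        fi
        [ "$cur" = / ] && return 0
        cur=$(dirname "$cur")
    done
}

# Modes that "internal-sftp -u <umask>" gives new directories (from 777)
# and new files (from 666) after the umask bits are removed.
modes_for_umask() {          # $1 = umask in octal, e.g. 0002
    printf 'dir=%03o file=%03o' $(( 8#777 & ~8#$1 )) $(( 8#666 & ~8#$1 ))
}

# The sshd_config fragment. Append it at the END of sshd_config: a Match block
# extends to the next Match or end of file, so later directives would become conditional.
match_block() {
    cat <<EOF
Match User $SFTP_USER
    ChrootDirectory $CHROOT
    ForceCommand internal-sftp -u $UMASK
    PasswordAuthentication yes
EOF
}

# The article's procedure, made idempotent and guarded by a config test.
# Set the password separately afterwards with: passwd sftp-user
setup_sftp_chroot() {
    id "$SFTP_USER" >/dev/null 2>&1 || useradd -d / -g "$WEB_GROUP" "$SFTP_USER"
    chown "$SFTP_USER:$WEB_GROUP" "$DOCROOT" && chmod 775 "$DOCROOT"
    mkdir -p "$CHROOT" "$MOUNTPOINT"
    chown root:root "$CHROOT" && chmod 755 "$CHROOT"
    chown "$SFTP_USER:$WEB_GROUP" "$MOUNTPOINT" && chmod 775 "$MOUNTPOINT"
    check_chroot_path "$CHROOT" || return 1
    mountpoint -q "$MOUNTPOINT" || mount -B "$DOCROOT" "$MOUNTPOINT"
    grep -qF "$DOCROOT $MOUNTPOINT none bind" /etc/fstab \
        || echo "$DOCROOT $MOUNTPOINT none bind 0 0" >> /etc/fstab
    grep -qF "Match User $SFTP_USER" /etc/ssh/sshd_config \
        || match_block >> /etc/ssh/sshd_config
    sshd -t || return 1           # refuse to restart sshd on a broken config
    systemctl restart sshd
    echo "$SFTP_USER now lands in $CHROOT; uploads get $(modes_for_umask "$UMASK")"
}

if [ "${1:-}" = --apply ]; then
    [ "$(id -u)" = 0 ] || { echo "run as root" >&2; exit 1; }
    setup_sftp_chroot
fi
```

Run `check_chroot_path /var/www/sftp` first on an existing server: it reports the exact component that sshd would reject, which is far quicker than reading the auth log after a failed login. `sshd -t` is the standard syntax check; without it a typo in the Match block takes down all SSH logins on restart.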
That's all. Create a dedicated SFTP user like this when you do not want someone to have shell access to the server.