Topic: SFTP configuration not reading - 2
Hello, teka.
I installed MSS to another server.
All configuration set by default. But again I wanna group of superusers with full access and can't configure it.
sftp_config:
<Default>
GlobalDownload 50k #total speed download for all clients
# o -> bytes k -> kilo bytes m -> mega bytes
GlobalUpload 0 #total speed download for all clients (0 for unlimited)
Download 5k #limit speed download for each connection
Upload 0 #unlimit speed upload for each connection
StayAtHome true #limit client to his home
VirtualChroot true #fake a chroot to the home account
LimitConnection 100 #max connection for the server sftp
LimitConnectionByUser 5 #max connection for the account
LimitConnectionByIP 20 #max connection by ip for the account
Home /home/$USER #overrite home of the user but if you want you can use
# environment variable (ie: Home /home/$USER)
IdleTimeOut 5m #(in second) deconnect client is idle too long time
ResolveIP true #resolve ip to dns
# IgnoreHidden true #treat all hidden files as if they don't exist
# DirFakeUser true #Hide real file/directory owner (just change displayed permissions)
# DirFakeGroup true #Hide real file/directory group (just change displayed permissions)
# DirFakeMode 0400 #Hide real file/directory rights (just change displayed permissions)
#Add execution right for directory if read right is set
# HideFiles "^(lost\+found|public_html)$" #Hide file/directory which match
#this extented POSIX regex
HideNoAccess true #Hide file/directory which user has no access
# MaxOpenFilesForUser 20 #limit user to open x files on same time
# MaxWriteFilesForUser 10 #limit user to x upload on same time
# MaxReadFilesForUser 10 #limit user to x download on same time
DefaultRights 0640 0750 #Set default rights for new file and new directory
# MinimumRights 0400 0700 #Set minimum rights for files and dirs
# PathDenyFilter "^\." #deny upload of directory/file which match this extented POSIX regex
ShowLinksAsLinks false #show links as their destinations
# ConnectionMaxLife 1d #limits connection lifetime to 1 day
# Charset "ISO-8859-15" #set charset of computer
# GMTTime +1 #set GMT Time (change if necessary)
</Default>
<User elkaz>
IsAdmin true #can admin the server
VirtualChroot false #you must disable chroot to have a full support of admin
StayAtHome false
IdleTimeOut 0
Home /root
HideNoAccess false
</User>
<Group root>
LogFile /var/log/sftp_admins.log
IsAdmin true
VirtualChroot false
StayAtHome false
</Group>
Logs:
2011-07-19 17:45:20 [15284]New client [elkaz] from [91.***]
2011-07-19 17:45:21 [15284][elkaz][91.***]Quit.
FileZilla:
Status: Connecting to ***...
Response: fzSftp started
Command: open "elkaz@***" 22
Command: Pass: **********
Status: Connected to ***
Status: Retrieving directory listing...
Command: pwd
Response: Current directory is: "/root"
Command: ls
Status: Listing directory /root/
Error: Unable to open .: permission denied
Why directory is root?
For example another user, which is not in root-group:
Status: Connecting to ***
Response: fzSftp started
Command: open "num8er@***" 22
Command: Pass: *****
Status: Connected to ***
Status: Retrieving directory listing...
Command: pwd
Response: Current directory is: "/"
Command: ls
Status: Listing directory /
Status: Calculating timezone offset of server...
Command: mtime ".cache"
Response: 1311001088
Status: Timezone offsets: Server: 0 seconds. Local: 18000 seconds. Difference: 18000 seconds.
Status: Directory listing successful