MySecureShell moved to github !

insertion85 · 2011-01-25 11:05:11

insertion85
MSS Newbie
Offline

Registered: 2011-01-25
Posts: 1

Topic: utilisateur qui remonte l'arboressence

bonjour,

débutant sur ubuntu et en serveur mal grès mes recherches je ni arrive pas à bloquer mon user dans son répertoire

j'ai fait un autre user lui à permision denied

le tout avec filezilla

***********************************************

voici déjà le fichier config

<Default>
Home /home/$USER
DefaultRights 0640 0750
GlobalDownload 50k
Upload 0
LimitConnectionByUser 5
StayAtHome true
DirFakeUser true
ShowLinksAsLinks false
LimitConnection 10
HideNoAccess true
Download 5k
IdleTimeOut 300
ResolveIP true
VirtualChroot true
GlobalUpload 0
LimitConnectionByIP 5
Charset ISO-8859-15
</Default>

<User pat>
IsAdmin true
</User>

**************************************
le sftp verif

#################################################
-e # MySecureShell Verification Tool #
-e #################################################

-e ** Verifing file existance **

-e Verifing file existance of /bin/MySecureShell [ OK ]
-e Verifing file existance of /usr/bin/sftp-who [ OK ]
-e Verifing file existance of /usr/bin/sftp-kill [ OK ]
-e Verifing file existance of /usr/bin/sftp-state [ OK ]
-e Verifing file existance of /usr/bin/sftp-admin [ OK ]
-e Verifing file existance of /usr/bin/sftp-verif [ OK ]
-e Verifing file existance of /etc/ssh/sftp_config [ OK ]

-e
** Verifing rights **

-e Verifing file rights of /etc/ssh/sftp_config [ OK ]
-e Verifing file rights of /usr/bin/sftp-who [ OK ]
-e Verifing file rights of /usr/bin/sftp-verif [ OK ]
-e Verifing file rights of /usr/bin/sftp-state [ OK ]
-e Verifing file rights of /usr/bin/sftp-kill [ OK ]
-e Verifing file rights of /usr/bin/sftp-admin [ OK ]
-e Verifing file rights of /bin/MySecureShell [ OK ]
-e

** Verifing rotation logs **
MySecureShell rotation logs [ OK ]

** Verifing server status **
Verifing server status (ONLINE) [ OK ]

*************************************************
mes deux utilisateur font bien partit du groupe ssh

merci d'avance de vos aides

teka · 2011-01-27 18:08:16

teka
Administrator
Offline

From: France
Registered: 2007-11-18
Posts: 806

Re: utilisateur qui remonte l'arboressence

Bonsoir,

Que contient le fichier de log ? (par défaut /var/log/sftp-server.log)

Free · 2011-02-18 05:35:22

Free
MSS Newbie
Offline

Registered: 2011-02-18
Posts: 8

Re: utilisateur qui remonte l'arboressence

Bonjour,

J'ai un problème identique, aussi avec Ubuntu. Les utilisateurs peuvent remonter l'arborescence.

sftp-verif donne OK partout

################################################################################
                        MySecureShell Verification Tool
################################################################################

### Verifing file existance ###

/bin/MySecureShell                                                       [ OK ]
/usr/bin/sftp-who                                                        [ OK ]
/usr/bin/sftp-kill                                                       [ OK ]
/usr/bin/sftp-state                                                      [ OK ]
/usr/bin/sftp-admin                                                      [ OK ]
/usr/bin/sftp-verif                                                      [ OK ]
/usr/bin/sftp-user                                                       [ OK ]


### Verifing rights ###

Verifing file rights of /etc/ssh/sftp_config                             [ OK ]
Verifing file rights of /usr/bin/sftp-who                                [ OK ]
Verifing file rights of /usr/bin/sftp-verif                              [ OK ]
Verifing file rights of /usr/bin/sftp-user                               [ OK ]
Verifing file rights of /usr/bin/sftp-kill                               [ OK ]
Verifing file rights of /usr/bin/sftp-state                              [ OK ]
Verifing file rights of /usr/bin/sftp-admin                              [ OK ]
Verifing file rights of /bin/MySecureShell                               [ OK ]


### Verifing rotation logs ###

Rotation logs have been found                                            [ OK ]


### Verifing server status ###

Verifing server status (ONLINE)                                          [ OK ]


### Verifing server dependencies ###

Show only error(s) :


### Verifing server configuration ###

Show only error(s) :
Trying user: root
Checking user : work


### All tests dones ###

Configuration non modifiée :

## MySecureShell Configuration File ##
#Default rules for everybody
<Default>
        GlobalDownload          50k     #total speed download for all clients
                                        # o -> bytes   k -> kilo bytes   m -> me
ga bytes
        GlobalUpload            0       #total speed download for all clients (0
 for unlimited)
        Download                5k      #limit speed download for each connectio
n
        Upload                  0       #unlimit speed upload for each connectio
n
        StayAtHome              true    #limit client to his home
        VirtualChroot           true    #fake a chroot to the home account
        LimitConnection         10      #max connection for the server sftp
        LimitConnectionByUser   1       #max connection for the account
        LimitConnectionByIP     2       #max connection by ip for the account
        Home                    /home/$USER     #overrite home of the user but i
f you want you can use
                                                #       environment variable (ie
: Home /home/$USER)
        IdleTimeOut             5m      #(in second) deconnect client is idle to
o long time
        ResolveIP               true    #resolve ip to dns
#       IgnoreHidden            true    #treat all hidden files as if they don't
 exist
#       DirFakeUser             true    #Hide real file/directory owner (just ch
ange displayed permissions)
#       DirFakeGroup            true    #Hide real file/directory group (just ch
ange displayed permissions)
#       DirFakeMode             0400    #Hide real file/directory rights (just c
hange displayed permissions)
                                        #Add execution right for directory if re
ad right is set
#       HideFiles               "^(lost\+found|public_html)$"   #Hide file/direc
tory which match
                                                                #this extented P
OSIX regex
        HideNoAccess            true    #Hide file/directory which user has no a
ccess
#       MaxOpenFilesForUser     20      #limit user to open x files on same time
#       MaxWriteFilesForUser    10      #limit user to x upload on same time
#       MaxReadFilesForUser     10      #limit user to x download on same time
        DefaultRights           0640 0750       #Set default rights for new file
 and new directory
#       MinimumRights           0400 0700       #Set minimum rights for files an
d dirs

#       PathDenyFilter          "^\."   #deny upload of directory/file which mat
ch this extented POSIX regex

        ShowLinksAsLinks        false   #show links as their destinations
#       ConnectionMaxLife       1d      #limits connection lifetime to 1 day

#       Charset                 "ISO-8859-15"   #set charset of computer
#       GMTTime                 +1      #set GMT Time (change if necessary)
</Default>

#Rules only for group ftp
#<Group ftp>
#       Download        25 k/s
#       LogFile         /var/log/sftp-server_ftp.log    #Change logfile
#       ExpireDate      "2007-02-28 18:31:01"
#</Group>

#<Group sftp_administrator>
#       IsAdmin         true            #can admin the server
#       VirtualChroot   false           #you must disable chroot to have a full
support of admin
#       StayAtHome      true
#       IdleTimeOut     0
#</Group>

#<Group old_client>
#       SftpProtocol            3       #force protocol SFTP
#       DisableAccount          true    #disable account
#</Group>

#Rules only for group ftpnolimit
#<Group ftpnolimit>
#       Download                0       #0 = unlimited
#       IdleTimeOut             0       #no timeout
#       DirFakeUser             false   #show real user on file/directory
#       DirFakeGroup            false   #show real group on file/directory
#       DirFakeMode             0       #show real rights on file/directory
#       HideFiles               ""      #show all files
#       MaxReadFilesForUser     0       #0 = unlimited but still have the restri
ction MaxOpenFilesForUser
#</Group>

#<IpRange 192.168.0.1-192.168.0.5>
#       ByPassGlobalDownload    true    #bypass GlobalDownload restriction
#       ByPassGlobalUpload      true    #bypass GlobalUpload restriction
#       Download                0
#       DisableAccount          false   #enable account
#       IdleTimeOut             0       #disable timeout
#       LimitConnectionByIP     0       #no limit
#</IpRange>

#<Group trusted_users>
#       Shell           /bin/tcsh       #give a shell access to TRUSTED clients
!!!
#</Group>

#<VirtualHost *:22>
#       DirFakeUser     false   #show real user on file/directory
#       DirFakeGroup    false   #show real group on file/directory
#       DirFakeMode     0       #show real rights on file/directory
#       HideNoAccess    false
#       IgnoreHidden    false
#</VirtualHost>

#Include /etc/my_sftp_config_file       #include this valid configuration file
root@serveurcentral:/var/log#

Free · 2011-02-18 05:40:33

Free
MSS Newbie
Offline

Registered: 2011-02-18
Posts: 8

Re: utilisateur qui remonte l'arboressence

Désolé. Je viens de me rendre que le problème est discuter ici :

http://mysecureshell.free.fr/forum/viewtopic.php?id=222

Mais, je ne vois pas de cause ni de solution...

MySecureShell moved to github !

[ Closed ] utilisateur qui remonte l'arboressence

Posts: 4

1 Topic by insertion85 2011-01-25 11:05:11

Topic: utilisateur qui remonte l'arboressence

2 Reply by teka 2011-01-27 18:08:16

Re: utilisateur qui remonte l'arboressence

3 Reply by Free 2011-02-18 05:35:22

Re: utilisateur qui remonte l'arboressence

4 Reply by Free 2011-02-18 05:40:33

Re: utilisateur qui remonte l'arboressence

Posts: 4