Are the "mount binds" similar to symbolic links? Because I don't want to store the users' files where OMV is installed...
All right. I will re-do the question then.
A mount binded folder will point directly to the storage hard drive?
I mean, this will not create a "physical" copy of the files on both locations? (binded folder and storage HDD's mounting point)
I'm setting up SFTP on openmediavault 5.6.25-1.
When attempting 'push' with sftp I get, "remote open("/backup/test.txt"): Permission denied".
I'll document what I've done in detail in case it's useful to others.
If anyone can help me with where I've gone wrong that would be much appreciated.
I'm creating folders for restic to write backups to for each user.
- add the openmediavault variables
OMV_SSHD_SUBSYSTEM_SFTP="internal-sftp"
OMV_SSHD_ALLOWGROUPS="root ssh sftp-access"monit restart omv-engined
omv-salt stage run prepare
omv-salt stage run deploy
omv-salt deploy run ssh
- set up the directories under /sftp
mkdir -p /sftp/{user1,user2}
chown root:root /sftp/{user1,user2}
chmod 755 /sftp/{user1,user2}
mkdir -p /sftp/user1/backup
- set up the directories that will be accessible via SFTP
mkdir -p /data/backup/{user1,user2}
ls -al /data/backup/
drw-rw-r--+ 2 user1 sftp-access 4096 Feb 28 17:01 user1
ls -al /sftp
drwxr-xr-x 3 root root 4096 Feb 28 08:54 user1
ls -al /sftp/user1
drw-rw-r--+ 2 user1 sftp-access 4096 Feb 28 17:01 backup
- update mount binds
# >>> [SFTP]
/srv/dev-disk-by-uuid-[uuid]/backup/user1 /sftp/user1/backup none bind,rw,nofail 0 0
/srv/dev-disk-by-uuid-[uuid]/backup/user2 /sftp/user2/backup none bind,rw,nofail 0 0
# <<< [SFTP]mount -a
- add the following to the "Extra options' in the SSH panel in the OMV GUI
Zitat von SSH Extra optionsAlles anzeigenAddressFamily any
AllowGroups sftp-access
Port 222
Match Group sftp-access LocalPort 222
ChrootDirectory /sftp/%u
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp -l INFO
Here the SFTP port will be 222 and users must be in the 'sftp-access' group.
- SFTP
sftp -oPort=222 user1@server.ip
put test.txt
*this is where it all falls down* 
I can use sftp and it puts me in the correct folder but I don't have permissions to upload!
add the openmediavault variables
Here is your first problem. You do not need to do this. Just add your user to the sftp-access group. Or uncheck the AllowGroups checkbox.
If you still can't push to the folder, then it is filesystem permission problem.
set up the directories under /sftp
These should be created by the plugin.
set up the directories that will be accessible via SFTP
If you have the AllowGroup checkbox checked, the user is chroot'd and would not be able to access anything outside of the /sftp directory.
So, it sounds like you are doing many things wrong. I would guess you are not giving the user access in the shares tab. What is the output of: sudo omv-showkey sftp
I'm not using the SFTP plugin from OMV-Extras, if that's what you mean.
I don't have an 'AllowGroups' checkbox.
There's no output from sudo omv-showkey sftp.
User is in 'sftp-access' group, sorry should have documented that.
I'm not using the SFTP plugin from OMV-Extras, if that's what you mean.
I don't have an 'AllowGroups' checkbox.
There's no output from sudo omv-showkey sftp.
User is in 'sftp-access' group, sorry should have documented that.
Your last three statements only made sense if you are using the sftp plugin. And since you are trying to do everything the sftp plugin does, why not use it?
I did have the SFTP plugin but as it was undocumented I couldn't get it working so I uninstalled it. Looks like it's left some cruft behind. The guide I'm following, the one for this forum thread, doesn't reference the SFTP plugin at all. As SFTP is, after all, fairly easy, it should be possible to get it working without the plugin, I believe. It probably is file permissions that are the problem but I don't know for sure.
I did have the SFTP plugin but as it was undocumented I couldn't get it working so I uninstalled it.
I guess I don't know what needs to be documented. You enable it and give access to users/sharedfolders. What wasn't working?
The guide I'm following, the one for this forum thread, doesn't reference the SFTP plugin at all
The author of that guide and myself wrote the plugin to obsolete the guide and make it much easier for people.
As SFTP is, after all, fairly easy, it should be possible to get it working without the plugin, I believe
sftp works out of the box when ssh is enabled. Getting chroot with limited access is a what would need to be configured. And sure it is easy but so are most things that OMV does. The point is to make it even easier with a plugin and have everything in the web interface for good config management.
It probably is file permissions that are the problem but I don't know for sure.
I use the plugin myself even though I wrote most of it. I am quite sure it is permissions.
I've reinstalled the SFTP plugin.
sudo omv-showkey sftp
<sftp>
<enable>1</enable>
<port>222</port>
<passwordauthentication>1</passwordauthentication>
<pubkeyauthentication>0</pubkeyauthentication>
<allowgroups>0</allowgroups>
<rsyslog>1</rsyslog>
<extraoptions></extraoptions>
<shares>
<share>
<uuid>a2ffa10c-e8bb-4b35-bccc-300ab818a87a</uuid>
<sharedfolderref>24f7d9e1-a4ec-4b49-b08a-6d20ca9d303a</sharedfolderref>
<username>richard</username>
</share>
</shares>
</sftp>Using the Access Rights Management panels I can check that the user and the 'sftp-access' group have rw on the /backup folder.
The plugin is working great but I can't work out where on earth the permissions are wrong:
[drw-rw-r-- richard sftp-access] backup/richard
[drwxr-xr-x root root ] /sftp/richard
Looks like write access is there.
Still can't 'put' and get Access Denied.
is backup/richard in /sftp/richard/? You have Allow groups unchecked as well. Is the bind mount ro or rw in fstab?
is backup/richard in /sftp/richard/?
Yes.
tree -fpug sftp
sftp
└── [drwxr-xr-x root root ] sftp/richard
└── [drwxr-sr-x root sftp-access] sftp/richard/backup
├── [drw-rw-r-- thomas sftp-access] sftp/richard/backup/thomas
├── [drw-rw-r-- joanne sftp-access] sftp/richard/backup/joanne
└── [drw-rw-r-- richard sftp-access] sftp/richard/backup/richard
tree -fpug /data/backup
/data/backup
├── [drw-rw-r-- thomas sftp-access] /data/backup/thomas
├── [drw-rw-r-- joanne sftp-access] /data/backup/joanne
└── [drw-rw-r-- richard sftp-access] /data/backup/richard
You have Allow groups unchecked as well.
I've tried that both on and off.
Is the bind mount ro or rw in fstab?
It's rw.
# >>> [openmediavault]
/dev/disk/by-uuid/c97943d5-3ad5-4959-8938-e48c847203bc /srv/dev-disk-by-uuid-c97943d5-3ad5-4959-8938-e48c847203bc ext4 defaults,nofail,user_xattr,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0,acl 0 2
/srv/dev-disk-by-uuid-c97943d5-3ad5-4959-8938-e48c847203bc/backup/ /sftp/richard/backup none bind,rw,nofail 0 0
# <<< [openmediavault]
Stupid question but are you using port 222?
It was definitely something with the file permissions.
I removed the 'Username/Shared Folder' link in Access List in the SFTP plugin; removed the '/backup' Shared Folder; recreated the Shared Folder '/backup' and gave the users rw privileges; finally recreated the Access List link so the entry appears in /etc/fstab. Adding a folder for each user in /backup and giving ownership to that user means only they can write to their folder and, finally, sftp can put a file. 
Thanks for the plugin and thanks for taking the time to go through it with me. It's much appreciated.
Glad you got it working.
Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!
