How can I prevent access outside shared folder with winscp

  • I have activated the SSH service in OMV for use with backups via the internet. This works fine. I use a directory homes for the user folders and access rights for these folders work properly (users can only enter their own folder, not those of other users).


    My problem is that users can also log in with for example WinSCP. The problem is that they can then enter directory levels above homes, right up to the root directory. How can I block this?


    Thanks,
    Ariwur

    • Official Post

    You can't block it BUT they can't access files/folders they don't have permissions on. For example, while they can see the root directory, they can't access the /root folder. They can't delete /usr. If you don't want users accessing a folder/file, change the permissions.

    omv 7.0.5-1 sandworm | 64 bit | 6.8 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.13 | compose 7.1.4 | k8s 7.1.0-3 | cputemp 7.0.1 | mergerfs 7.0.4


    omv-extras.org plugins source code and issue tracker - github - changelogs


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • Thanks ryecoaaron. I just tried and you're right: they can see everything up to the root but they cannot 'touch' it. I should have tried first...
    I suppose I have to use command-line linux to change this?


    Regards,
    Ariwur

    • Official Post

    Command line to change permissions? The standard permissions won't let a user do anything bad to the system. They can delete data if they have privileges to it. Is there something in particular you don't want them to see?


  • Hi, I'm not really concerned about users doing something bad. All I want is to prevent them getting confused if they use WinSCP and end up somewhere outside their own home directory. If they get confused, they're going to bother me...

    • Official Post

    Typically, WinSCP starts in the user's home directory when logging in.


  • Hello,


    Maybe you can remove the others' rights to read the folder.
    For instance, you can try with your own home directory.


    Remove the "read" for others:

    Code
    chmod -R o-r /home/yourhome


    Log in with another user account (here it is usertest) and try to list it:

    Code
    [usertest@hostname root]$ ls -al /home/yourhome/
    ls: cannot open directory /home/yourhome/: Permission denied


    Hope it could help

    - ASROCK FM2A88X-ITX+ (SATAIII (6Gb/s) x6 (for the DATA), mSATA x1 (for the OS))
    - AMD A6 7400K 3.5GHz
    - Corsair 2Go DDR3 1333MHz C9 (x2)
    - Intel Corporation 82574L Gigabit Network Connection
    - COOLER MASTER G450M (80+ bronze)
    - WD Red 2To 64Mo 3.5" SATAIII (6Gb/s)
    - 32 Go SSD mSATA KingSpec Half-Size Solid State
    - Fractal Design Node 304 black (HDD 3.5" x6)
    - RAID 5 XFS
    - OMV 4.1.35-1 Arrakis
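
An audit of the permission change suggested in the post above, added here as an example and not part of the original thread: it reports, for each folder under a homes directory, whether other users can list it, only traverse it, or neither. It assumes GNU `stat` (as on Debian-based OMV); the function names `audit_homes` and `demo` and the sample folders are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU stat; names are hypothetical.

# Print "<folder> <class>" for every immediate subdirectory of $1.
#   listable    : o+r set      -> other users can list the names inside
#   traversable : only o+x set -> no listing, but a known path inside is reachable
#   closed      : neither bit  -> other users cannot enter at all
audit_homes() {
    base=$1
    for d in "$base"/*/; do
        [ -d "$d" ] || continue
        d=${d%/}
        mode=$(stat -c '%a' "$d")        # octal mode, e.g. 755, 751, 700
        other=${mode#"${mode%?}"}        # last octal digit = "others" bits
        if [ $((other & 4)) -ne 0 ]; then
            class=listable
        elif [ $((other & 1)) -ne 0 ]; then
            class=traversable
        else
            class=closed
        fi
        printf '%s %s\n' "${d##*/}" "$class"
    done
}

# Constructed sample layout: three user folders with different "others" bits.
demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/alice" "$tmp/bob" "$tmp/carol"
    chmod 755 "$tmp/alice"               # typical default
    chmod 755 "$tmp/bob"
    chmod -R o-r "$tmp/bob"              # the change from the post: 755 -> 751
    chmod 700 "$tmp/carol"               # owner only
    audit_homes "$tmp"
    rm -rf "$tmp"
}

demo
```

A folder reported as traversable (the result of `chmod -R o-r` on a 755 directory) cannot be listed by other users, but a file created in it later with default permissions is still readable by anyone who knows its path.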
