SFTP Server serving root directory if specified dir not accessable

  • ryecoaaron

    Hat das Thema freigeschaltet.
    • Offizieller Beitrag

    Is this intented behaviour?

    Yep. sftp bind mounts the path. Bind mounts don't care if the path is mounted or not.

    omv 7.7.10-1 sandworm | 64 bit | 6.11 proxmox kernel

    plugins :: omvextrasorg 7.0.2 | kvm 7.1.8 | compose 7.6.10 | cterm 7.8.7 | cputemp 7.0.2 | mergerfs 7.0.5 | scripts 7.3.1


    omv-extras.org plugins source code and issue tracker - github - changelogs


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • So I have figured out that allowing access only to members of the sftp group should jail them inside their directory. Now I have got the problem that even though the luks device is decryptet sftp still serves the root directory, just without access to the folders inside it. I have no way to access the desired folder.

    • Offizieller Beitrag

    Now I have got the problem that even though the luks device is decryptet sftp still serves the root directory, just without access to the folders inside it. I have no way to access the desired folder.

    The bind mounts will need to be remounted after the LUKS device is decrypted. Using LUKS has many issue with OMV because OMV expects drives to be accessible always. Unlocking on boot is my only suggestion.

    omv 7.7.10-1 sandworm | 64 bit | 6.11 proxmox kernel

    plugins :: omvextrasorg 7.0.2 | kvm 7.1.8 | compose 7.6.10 | cterm 7.8.7 | cputemp 7.0.2 | mergerfs 7.0.5 | scripts 7.3.1


    omv-extras.org plugins source code and issue tracker - github - changelogs


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • The bind mounts will need to be remounted after the LUKS device is decrypted. Using LUKS has many issue with OMV because OMV expects drives to be accessible always. Unlocking on boot is my only suggestion.

    Thanks for the info but I figured out what my problem was. The reason was the "share root filesystem" plugin by omv-extras. Since I removed this one the sftp server refuses connections when the encrypted device is not mounted and only accepts requests once its unlocked. Since I don't use "share root fs" atm it is not relevant to me, but is there a possibility for a fix in the future?

    • Offizieller Beitrag

    The reason was the "share root filesystem" plugin by omv-extras.

    That isn't an omv-extras plugin. It is a core plugin.


    is there a possibility for a fix in the future?

    I gave you the only possible fix I know of (auto unlock). OMV (not the plugin) would need a major redesign to handle these filesystems that aren't mounted or even exposed until the device is decrypted. If you want something that works well, I wouldn't use LUKS.

    omv 7.7.10-1 sandworm | 64 bit | 6.11 proxmox kernel

    plugins :: omvextrasorg 7.0.2 | kvm 7.1.8 | compose 7.6.10 | cterm 7.8.7 | cputemp 7.0.2 | mergerfs 7.0.5 | scripts 7.3.1


    omv-extras.org plugins source code and issue tracker - github - changelogs


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

Jetzt mitmachen!

Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!