15

I'm pretty new to Debian, and I'm trying to set up a server.

I have created a user who can only access his folder /home/username (and its subdirectory).

Now I want to use that user for the web server I set up, and I have given him access to /var/www, but I can't see /var/www through SFTP, and I made a symbolic link like this:

root@server:/home/username# ln -s /var/www www
root@server:/home/username# cd www
root@server:/home/username/www# chown username:username *

Now, with FileZilla, I can see the www folder like this:

[Screenshot: Filezilla]

But when I try to open it, I get this:

[Screenshot: Open]

What am I doing wrong?

Diamond
Doc

2 Answers

26

It's likely the SFTP is being chrooted, so that the directory /var/www is not available to the user in the chroot jail.

Look in /etc/ssh/sshd_config and examine the sftp directives. Do you see something like:

Match group sftp
  ChrootDirectory /home/%u
  AllowTcpForwarding no
  ForceCommand internal-sftp

The sshd_config man page is here.

Basically, once the user is in /home/username in SFTP, that directory becomes / and references outside of /home/username are not available. In fact, a symlink like ln -s /var/www /home/username/www will look like you're trying to reach /home/username/var/www (i.e., /home/username is now / so any link that references /var/www must also be a subdirectory of /home/username in the context of the chroot).

As a solution, you can turn off the chroot (but this will have other security implications, mainly with SFTP users having full rein over your filesystem). You can do a loop mount of /var/www into /home/username/www (something like mount --bind /var/www /home/username/www (check your documentation for mount) which should work as you'd expect under chroot). You can also muck with the sshd_config file to exclude that one particular user from chroot (though, again, with security implications).

I would try the bind mount first.

cjc
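
The resolution rule described in the answer above, as an added example that is not part of the original answer: a POSIX shell audit that lists symlinks under a chroot directory which cannot be followed from inside the jail. The function names and the script name `audit.sh` are hypothetical, and the script assumes GNU coreutils (`realpath -m`).

```sh
#!/bin/sh
# Added example: list symlinks under a chroot directory that cannot be
# followed from inside the jail. Assumes GNU coreutils (realpath -m) and
# file names without newlines.

# jail_view JAIL LINK
# Print the host path that LINK's target maps to after chroot(JAIL):
# an absolute target is re-rooted at JAIL, a relative one starts at the
# directory holding the link.
jail_view() {
    target=$(readlink "$2")
    case $target in
        /*) printf '%s%s\n' "$1" "$target" ;;
        *)  printf '%s/%s\n' "$(dirname "$2")" "$target" ;;
    esac
}

# audit_jail_links JAIL
# Print "LINK -> TARGET" (LINK as the SFTP user sees it) for every symlink
# whose mapped target is missing or lies outside JAIL.
audit_jail_links() {
    jail=$(realpath "$1") || return 2
    find "$jail" -type l | while IFS= read -r link; do
        mapped=$(realpath -m "$(jail_view "$jail" "$link")")
        case $mapped/ in
            "$jail"/*)
                # Target stays inside the jail: fine if it exists there.
                if [ -e "$mapped" ]; then continue; fi ;;
        esac
        printf '%s -> %s\n' "${link#"$jail"}" "$(readlink "$link")"
    done
}

# Usage (hypothetical script name): sh audit.sh /home/username
if [ "$#" -gt 0 ]; then
    audit_jail_links "$1"
fi
```

Once the link is replaced by a bind-mounted directory, the www entry no longer appears in the output because it is an ordinary directory inside the jail.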
0

I resolved it by unlinking the symlink I made and with

root@server:/home/username# mkdir www
root@server:/home/username# mount --bind /home/username/www /var/www

(even if I've lost everything that was in /var/www, but I don't care)

Thanks all!

Doc
  • You haven't lost anything. Simply unmount and copy your files before you remount. – Zoredache Nov 14 '12 at 16:40
  • Uuuhhh, thank you! I had nothing but 1 file with a link, nothing important, but I couldn't figure out how to recover it :D – Doc Nov 14 '12 at 16:41