Differences
This shows you the differences between the selected revisions of the page.
| 2008-08-27 | 2009-02-12 | ||
| Improved the English (82.153.174.10) | updates according to post 23004 (martin) | ||
| Line 8: | Line 8: | ||
| ===== Use sudo on Login ===== | ===== Use sudo on Login ===== | ||
| - | In some cases you may be able to use ''[[http://www.gratisoft.us/sudo/man/sudo.html|sudo]]'' command straight after login to change a user, before file transfer session starts. | + | In some cases (with Unix/Linux server) you may be able to use ''[[http://www.gratisoft.us/sudo/man/sudo.html|sudo]]'' command straight after login to change a user, before file transfer session starts. |
| [[protocols#ftp|FTP]] protocol does not allow this. | [[protocols#ftp|FTP]] protocol does not allow this. | ||
| Line 14: | Line 14: | ||
| The [[protocols#scp|SFTP]] and [[protocols#scp|SCP]] protocols allow for this, but the actual method is platform dependant. | The [[protocols#scp|SFTP]] and [[protocols#scp|SCP]] protocols allow for this, but the actual method is platform dependant. | ||
| - | With SFTP protocol, you can use //[[ui_login_sftp#protocol_options|SFTP server]]// option on //SFTP tab// of Login dialog to execute SFTP binary under different user. Under Unix/Linux with OpenSSH server, you can specify: | + | With SFTP protocol, you can use //[[ui_login_sftp#protocol_options|SFTP server]]// option on //SFTP tab// of Login dialog to execute SFTP binary under different user. with OpenSSH server, you can specify: |
| - | sudo su -c /bin/sftp-server | + | sudo /bin/sftp-server |
| - | With SCP protocol under Unix/Linux server, you can specify following command as custom shell on the //[[ui_login_scp#shell|SCP/Shell tab]]// of Login dialog: | + | Note that SFTP server binary may be located elsewhere (e.g. in ''/usr/lib/openssh/sftp-server''). |
| - | ··sudo su - | + | With SCP protocol, you can specify following command as custom shell on the //[[ui_login_scp#shell|SCP/Shell tab]]// of Login dialog: |
| + | |||
| + | sudo -s | ||
| However typically you will not be able to provide a password for ''su'', see [[remote_command#limitations|remote command execution limitations]]. So you may be able to do the above only if you are allowed to do ''sudo su'' without being prompted with password. See ''[[http://www.gratisoft.us/sudo/man/sudo.html|sudo]]'' documentation to learn how to do that. For example you can add following line to ''[[http://www.gratisoft.us/sudo/man/sudoers.html|sudoers]]'' file (''/etc/sudoers''): | However typically you will not be able to provide a password for ''su'', see [[remote_command#limitations|remote command execution limitations]]. So you may be able to do the above only if you are allowed to do ''sudo su'' without being prompted with password. See ''[[http://www.gratisoft.us/sudo/man/sudo.html|sudo]]'' documentation to learn how to do that. For example you can add following line to ''[[http://www.gratisoft.us/sudo/man/sudoers.html|sudoers]]'' file (''/etc/sudoers''): | ||
| - | yourusername ALL=(ALL) NOPASSWD: ALL | + | yourusername ALL=NOPASSWD: ALL |
| + | |||
| + | The above line is very benevolent, it allows user ''yourusername'' connected from anywhere (the first ''ALL'') to run any command (the second ''ALL'') as a ''root'' without being asked for password. So you should restrict it as much as possible. | ||
| + | |||
| + | For example with OpenSSH you may restrict it only to SFTP session by: | ||
| + | |||
| + | yourusername ALL=NOPASSWD: /bin/sftp-server | ||
| Note that as WinSCP cannot implement terminal emulation, you need to have ''sudoers'' option ''requiretty'' turned off (what is default). | Note that as WinSCP cannot implement terminal emulation, you need to have ''sudoers'' option ''requiretty'' turned off (what is default). | ||