Differences
This shows you the differences between the selected revisions of the page.
faq_su 2024-09-07 | faq_su 2024-09-09 (current) | ||
Line 16: | Line 16: | ||
* With SFTP protocol, you can use //[[ui_login_sftp#protocol_options|SFTP server]]// option on //SFTP page// of Advanced Site Settings dialog to execute SFTP binary under a different user. With OpenSSH server, you can specify: \\ <code> | * With SFTP protocol, you can use //[[ui_login_sftp#protocol_options|SFTP server]]// option on //SFTP page// of Advanced Site Settings dialog to execute SFTP binary under a different user. With OpenSSH server, you can specify: \\ <code> | ||
sudo /bin/sftp-server | sudo /bin/sftp-server | ||
- | </code> Note that SFTP server binary may be located elsewhere((You can see path to SFTP binary in ''Subsystem sftp'' clause in ''/etc/ssh/sshd_config'', unless keyword ''internal-sftp'' is used instead of a path. You may also try ''whereis sftp-server''.)) (e.g. in ''/usr/lib/sftp-server'', ''/usr/lib/openssh/sftp-server'' or ''/usr/libexec/openssh/sftp-server''). | + | </code> Note that SFTP server binary may be located elsewhere((You can see path to SFTP binary in ''Subsystem sftp'' clause in ''/etc/ssh/sshd_config'', unless keyword ''internal-sftp'' is used instead of a path. You may also use ''whereis sftp-server'' command to locate the binary.)) (e.g. in ''/usr/lib/sftp-server'', ''/usr/lib/openssh/sftp-server'' or ''/usr/libexec/openssh/sftp-server''). |
* With SCP protocol, you can specify the following command as custom shell on the //[[ui_login_scp#shell|SCP/Shell page]]// of Advanced Site Settings dialog: \\ <code> | * With SCP protocol, you can specify the following command as custom shell on the //[[ui_login_scp#shell|SCP/Shell page]]// of Advanced Site Settings dialog: \\ <code> | ||
Line 34: | Line 34: | ||
Note that as WinSCP cannot implement terminal emulation, you need to have ''sudoers'' option ''requiretty'' turned off (which is default). | Note that as WinSCP cannot implement terminal emulation, you need to have ''sudoers'' option ''requiretty'' turned off (which is default). | ||
- | |||
- | Common pitfalls: | ||
- | |||
- | * The order of lines in ''/etc/sudoers'' matters. Ensure that your configuration is after ''ALL=(ALL:ALL) ALL'' (you may check by running ''sudo -l''). | ||
- | * If you restrict NOPASSWD to sftp-server only, in WinSCP, the SFTP server configuration must be ''sudo /bin/sftp-server'', not ''sudo su -c /bin/sftp-server''. |