Differences
This shows you the differences between the selected revisions of the page.
| 2024-09-07 | 2024-09-09 (current) | ||
| Oops, duplicate note (martixy) | clarification + thanks, but this is not sudo manual (and we suggest to use "su" and not "sudo su" already above) (martin) | ||
| Line 16: | Line 16: | ||
| * With SFTP protocol, you can use //[[ui_login_sftp#protocol_options|SFTP server]]// option on //SFTP page// of Advanced Site Settings dialog to execute SFTP binary under a different user. With OpenSSH server, you can specify: \\ <code> | * With SFTP protocol, you can use //[[ui_login_sftp#protocol_options|SFTP server]]// option on //SFTP page// of Advanced Site Settings dialog to execute SFTP binary under a different user. With OpenSSH server, you can specify: \\ <code> | ||
| sudo /bin/sftp-server | sudo /bin/sftp-server | ||
| - | </code> Note that SFTP server binary may be located elsewhere((You can see path to SFTP binary in ''Subsystem sftp'' clause in ''/etc/ssh/sshd_config'', unless keyword ''internal-sftp'' is used instead of a path. You may also try ''whereis sftp-server''.)) (e.g. in ''/usr/lib/sftp-server'', ''/usr/lib/openssh/sftp-server'' or ''/usr/libexec/openssh/sftp-server''). | + | </code> Note that SFTP server binary may be located elsewhere((You can see path to SFTP binary in ''Subsystem sftp'' clause in ''/etc/ssh/sshd_config'', unless keyword ''internal-sftp'' is used instead of a path. You may also use ''whereis sftp-server'' command to locate the binary.)) (e.g. in ''/usr/lib/sftp-server'', ''/usr/lib/openssh/sftp-server'' or ''/usr/libexec/openssh/sftp-server''). |
| * With SCP protocol, you can specify the following command as custom shell on the //[[ui_login_scp#shell|SCP/Shell page]]// of Advanced Site Settings dialog: \\ <code> | * With SCP protocol, you can specify the following command as custom shell on the //[[ui_login_scp#shell|SCP/Shell page]]// of Advanced Site Settings dialog: \\ <code> | ||
| Line 34: | Line 34: | ||
| Note that as WinSCP cannot implement terminal emulation, you need to have ''sudoers'' option ''requiretty'' turned off (which is default). | Note that as WinSCP cannot implement terminal emulation, you need to have ''sudoers'' option ''requiretty'' turned off (which is default). | ||
| - | |||
| - | Common pitfalls: | ||
| - | |||
| - | * The order of lines in ''/etc/sudoers'' matters. Ensure that your configuration is after ''ALL=(ALL:ALL) ALL'' (you may check by running ''sudo -l''). | ||
| - | * If you restrict NOPASSWD to sftp-server only, in WinSCP, the SFTP server configuration must be ''sudo /bin/sftp-server'', not ''sudo su -c /bin/sftp-server''. | ||