sudo option
sudo
– such as a modifier key.
Incredibly useful piece of work, BTW. I hope it earns you the blessings it deserves.
Advertisement
sudo
– such as a modifier key.
Advertisement
Advertisement
sudo
keeps asking me for a password. I even attempted a reboot and it still does this. At this point I am assuming this to be a problem with Ubuntu I'd need to research more than anything, though if you have any suggestions feel free to say something.
sudoers
file:
username ALL=NOPASSWD: /usr/lib/openssh/sftp-server
sudo /usr/lib/openssh/sftp-server
sftp-server
binary to another name e.g.
cd /root cp /usr/libexec/openssh/sftp-server admin1-sftp-server
chown admin1 admin1-sftp-server
/etc/passwd
is 100 and 100 is "users" group in /etc/group
then:
chgrp users admin1-sftp-server
chmod 6550 admin1-sftp-server
/root
to which no one but root has access normally.)
sudoers
file (use visudo
) to allow the new script to be run by user as root. e.g.
ralph ALL=NOPASSWD: /root/admin1-sftp-server billybob ALL=NOPASSWD: /root/admin1-sftp-server
User_Alias
and Cmnd_Alias
would work.
sudo
to the sftp-server
copy you made instead of "Default". e.g.
sudo /root/admin1-sftp-server
sftp-server
(e.g. /root/admin1-sftp-server
) running as the user that owns this (admin1-)sftp-server instead of root. Any files created by this session will be owned by the user that owns (admin1-)sftp-server and grouped to the group of (admin1-)sftp-server.
sftp-server
for some reason it won't automatically patch copies like admin1-sftp-server. If the reason for patching is a security concern it is important you repeat the process above after the patching to insure you have the same security fix in all copies.
Advertisement
sudo su - <account>
after they had logged in with those individual accounts. That was OK for PuTTY but it meant the WinSCP transfer was being done as the individual account instead of the administrative account. This added steps (e.g. transfer to your home directory as WinSCP then login via PuTTY and copy the file, do the processing etc...). Additionally the processed file is always owned by the administrative user due to the need to run the application command as that user.
sudo su - <admin>
but that is only addition to procedure since the WinSCP sudo
solution I posted puts them in as admin user for the transfers. Since it does the sudo
we still have an audit trail of who did what.
sudo
this way I'd run across other posts making it clear I wasn't the only person that had wanted such a solution so I posted here and on LQ where I'd asked my question before figuring it out.
sudo
to root on WinSCP transfer? Hopefully anyone setting that up is restricting it to System Administrators.
Sorry, I'm possibly not patient enough to try to understand all details. Though my question was not why you doMy counter question is why would one want to allowsudo
to root on WinSCP transfer? Hopefully anyone setting that up is restricting it to System Administrators.
sudo adminaccount
. I was asking why you need to run sftp-server
as non-root user to do that. So I do not see a point of your counter question.
sudo adminaccount
where?
sudo adminaccount
from within WinSCP because it starts sftp-server
on connection. I thought the point of the thread was that due to this you have to do the sudo setup using root.
sudoers
to su
to adminaccount and then run sftp-server
but none of the syntax I tried seemed to work. It was at that point that I posted my question on LQ.
adminaccount-sftp-server
after creating it as detailed) and came up with the workaround I posted on LQ and here.
sftp-server
and somehow connect to that running sftp-server
with WinSCP? If so I'd be interested in hearing how its done – I tried it and didn't get very far.
sftp-server
as root as they would then be able to use WinSCP to accidentally do all sorts of things such as deleting critical files.
Advertisement
sftp-server
as root. When I do it allows them to delete anything on the system via WinSCP instead of just deleting files owned by the specific adminaccount. That is to say the user the sftp-server
that is running has the power of the user that is running it and I don't want to grant them root power. My counter question was why would anyone want to grant root power to users other than System Administrators?
I've checked the path towinscp sudo Cannot initialize SFTP protocol. Is the host running a SFTP server?
sftp-server
in sshd_config
and made sure it was the same in sudoers
and WinSCP. still no luck.
visudo
the /etc/sudoers
file and comment out #Default requiretty
Advertisement
You can post new topics in this forum