
Re: [redhat-list] updates pending question, is, sftp problems



Based on the following

>> The weird thing is that two of them get the same login error message
>> and a third gets something different.
>> Here are the errors:
>> "FTP Error...Cannot open remote folder pac-2013/ Access Denied."
>> And the other login error:
>> "There is no site name "whatever the home directory location is for
>> the user".

It sounds like you have a couple of problems, the first being that the
folder 'pac-2013' (wherever that is in the file structure)
has been created with permissions that the user trying to access it
doesn't have. If other users can access this OK, then check that the user
in question is a member of the same groups (faculty-staff, www and sftp).

If other users cannot access this then check the permissions of the group
this directory is owned by and the file permissions on the directory.

The second error tends to be an incorrectly set up user. "no site name"
seems a little weird though, but it could be that the user shell (?) has
been incorrectly set.

Looking at your two useradd commands, neither will work based on your
current openssh setup if it's been updated via yum.

> 1.) useradd -d /var/www/html/faculty-staff -s
> /opt/openssh/libexec/sftp-server -g sftp -G www,faculty-staff username

This would work, but sets everyone's home directory to the same thing and
then sets the shell to the sftp-server under opt which may or may not still
exist. What you may find is different sshd processes calling different
sftp-servers might cause problems, or produce unexpected results.

> 2.) useradd -m -k /var/www/userSkel -G faculty-staff,www -g sftp -s
> /usr/libexec/openssh/sftp-server -d /var/www/html/faculty-staff/username

This seems almost a Solaris type way of doing things (-m tends to be
implied in Linux). However, this command will fail as you don't actually add
the 'username' to the end of the command. Running this would probably
produce an error, yet the next command (cp -ir) would make it appear that
the user was created.

> And then the next command:   cp -ir /var/www/userSkel/*
> /var/www/html/faculty-staff/username

What you may want to do as well is check that the old version of ssh was
the same and look for any weirdnesses in its config files. A good thing
here is that it appears they set the install root to /opt/openssh, so I'd
look in that directory for a start. Look for, say, /opt/openssh/sbin and see
if there is an sshd file there, then run it with sshd -V. This will return
a syntax line, but the first part should tell you the version.

One thing to be aware of is that some of the newer (than redhat 5) sshds
introduced better chroot support, and this might be a reason to have
installed their own version of sshd outside the package management system.
However, they should have put it into an ignore list as far as updates went
as well, and even better - compiled their own openssh package. You can
check this by looking for chroot options under /opt/openssh/etc/sshd_config
(post back if unsure what you should be looking for)

The neat thing is - if this is the case, then the compiled version living
under /opt/openssh can probably just be restarted, but this will also
depend on how they set up the start/stop scripts. An easy way to test this
is (WARNING: MAKE SURE YOU DO THIS FROM THE CONSOLE AS YOU CAN KILL REMOTE
SESSIONS CUTTING YOURSELF OFF FROM THE SERVER)

Kill the currently running sshd

# /etc/init.d/sshd stop

Start the /opt/openssh version

# /opt/openssh/sbin/sshd

Then try logging in to see if it all works as expected. (the # indicates
that you should do this as root by the way, typing the # will simply cause
your shell to ignore what you type)

If this fixes things then let us know and we will then explain how to set
this to start on boot and add ssh to the yum updates ignore list so you
don't have this problem again.



On Sat, May 11, 2013 at 1:21 AM, <m roth 5-cent us> wrote:

> Constance   Morris wrote:
> > From: redhat-list-bounces redhat com
> > [mailto:redhat-list-bounces redhat com] On Behalf Of m roth 5-cent us
> > Constance   Morris wrote:
> >> [mailto:redhat-list-bounces redhat com] On Behalf Of m roth 5-cent us
> >> Constance   Morris wrote:
> >>> [mailto:redhat-list-bounces redhat com] On Behalf Of m roth 5-cent us
> >>> Constance   Morris wrote:
> >> <snip>
> >>>> problem last week with having started these updates then stopped
> >>>> them mid-stream when some of our professors could not ssh to the
> >>>> webserver using Expression Web software via SFTP?
> <snip>
> >>> The weird thing is that two of them get the same login error message
> >>> and a third gets something different.
> >>> Here are the errors:
> >>> "FTP Error...Cannot open remote folder pac-2013/ Access Denied."
> >>> And the other login error:
> >>> "There is no site name "whatever the home directory location is for
> >>> the user".
> >>
> >> The latter tells me that this user does not have it configured, and I
> >> assume, possibly wrongly, that one of youse guys needs to go into
> >> wherever you manage users and set it up for him. It also leads me to
> >> suspect that the other two users are misconfigured.
> >>
> >> Yup. I just googled on Web Expression configure sftp, and found this
> >> link:
> >> <http://msdn.microsoft.com/en-us/library/cc295154%28v=expression.30%29.aspx>
> >> Someone needs to go there and check those three users'
> >> configurations.
> <snip>
> > Hmmm... I just googled Expression Web, and found the wikipedia entry, and
> > see that it's client-only, that there's no setup on the server side, which
> > is what I was thinking there was. Is this stuff installed on each user's
> > machine? If so, I think someone (you? the other guy?) needs to go over to
> > the three people, and go through their configuration of the tool.
> >>
> Going back to that site, I see "change publishing destination"
> instructions, and I more think that someone needs to go to sit with them.
>
> >> May I impose upon you one more time?
> >> My 2 predecessors left me two different commands in setting up new
> >> users and their directories on the server for expression web access.
> >> I'm going to list both and do you mind looking over them and giving me
> >> your opinion?
> >> I've used both to create test users and directories to try and resolve
> >> this login issue for expression web, but neither are working for me,
> >> so I'm either doing something wrong or missing something.
> >>
> >> 1.) useradd -d /var/www/html/faculty-staff -s
> >> /opt/openssh/libexec/sftp-server -g sftp -G www,faculty-staff username
> >>
> >> * Now, I know you or Robert mentioned last time that it should really
> >> be /usr/libexec/openssh/sftp-server instead of the
> >> /opt/openssh/libexec....
> >>
> >> 2.) useradd -m -k /var/www/userSkel -G faculty-staff,www -g sftp -s
> >> /usr/libexec/openssh/sftp-server -d /var/www/html/faculty-staff/username
> >> And then the next command:   cp -ir /var/www/userSkel/*
> >> /var/www/html/faculty-staff/username
> >
> > Constance, *do* read man useradd. That will show you that the latter, in
> > your case, is probably better, since *if* /var/www/userSkel is populated
> > correctly, this will set up your users' home directories with the
> > necessary configuration files, like .bash_profile, .bashrc, and presumably
> > the ~user/.ssh directory and contents. Note that it says clearly, in the
> > man page, for the -k flag, that it does everything that the cp does, and
> > better.
> >
> > Oh, and IIRC, you're new to Linux and/or sysadmin, so remember that you
> > can also man man.... (read the manpage for man) <g>
> >
> > Thanks Mark.
> > I did read over the useradd man page before writing you, but I wanted to
> > make sure I was understanding things correctly. However, I did not know
> > there was a manpage on man. :-)
>
> Yeah, when someone throws that at you - which is what always happens, and
> it's always sort of an in joke.
>
> > I will try the other suggestions you made and thanks again.
> > Have a great weekend!
>
> You, too.
>
>      mark
>
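
The two checks suggested in the reply above, as an added example that is not part of the original message: one function reports accounts whose login shell points at an sftp-server binary that is missing or not executable, the other lists the active SFTP and chroot related lines in an sshd_config. The function names are hypothetical, and ChrootDirectory, Subsystem, ForceCommand and Match are assumed to be the "chroot options" the reply refers to.

```shell
#!/bin/sh
# Added example; function names are hypothetical and not from the thread.

# audit_sftp_shells [passwd-file]
# For each account whose login shell is an sftp-server binary, print
# "user:shell:status" with status ok, missing or not-executable.
audit_sftp_shells() {
    passwd_file=${1:-/etc/passwd}
    while IFS=: read -r user pw uid gid gecos home shell; do
        case $shell in
            */sftp-server) ;;
            *) continue ;;
        esac
        if [ ! -e "$shell" ]; then
            status=missing
        elif [ ! -x "$shell" ]; then
            status=not-executable
        else
            status=ok
        fi
        printf '%s:%s:%s\n' "$user" "$shell" "$status"
    done < "$passwd_file"
}

# chroot_directives [sshd_config]
# Print, with line numbers, the active (uncommented) directives that decide
# how SFTP sessions are served and confined. Keywords are case-insensitive.
chroot_directives() {
    config=${1:-/opt/openssh/etc/sshd_config}
    awk '{ sub(/^[ \t]+/, "") }
         $0 == "" || $1 ~ /^#/ { next }
         { key = tolower($1) }
         key == "chrootdirectory" || key == "subsystem" ||
         key == "forcecommand" || key == "match" { print NR ": " $0 }' "$config"
}
```

Source the file and call `audit_sftp_shells` and `chroot_directives` as root; running the second against both /etc/ssh/sshd_config and /opt/openssh/etc/sshd_config shows whether the two installs confine SFTP users differently.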

