How to Restrict SFTP Users to Home Directories Using chroot Jail


In this tutorial, we will discuss how to restrict SFTP users to their home directories or to specific directories. This means a user can access only his or her own home directory, not the whole file system.

Restricting users to their home directories is vital, especially in a shared server environment, so that an unauthorized user cannot peek into the files and folders of other users.

Important: The purpose of this article is to provide SFTP access only, not SSH logins. A user set up by following this article has permission to transfer files but is not allowed to open a remote SSH session.

The simplest way to do this is to create a chrooted jail environment for SFTP access. The method is the same on all Unix/Linux operating systems. Using a chrooted environment, we can restrict users either to their home directory or to a specific directory.

Restrict Users to Home Directories

In this section, we will create a new group called sftpgroup and assign the correct ownership and permissions to user accounts. There are two options for restricting users, either to their home directories or to specific directories, and we will look at both in this article.

Let us restrict an existing user, for example tecmint, to his/her home directory, /home/tecmint. For this, you need to create a new group, sftpgroup, using the groupadd command as shown:

# groupadd sftpgroup

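Next, assign the user 'tecmint' to the sftpgroup group. Note that usermod -G without -a replaces the user's existing supplementary groups with the ones listed.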

# usermod -G sftpgroup tecmint

You can also create a new user with the useradd command, for example senthil, and assign that user to the sftpgroup group.

# adduser senthil -g sftpgroup -s /sbin/nologin
# passwd senthil

Open the /etc/ssh/sshd_config configuration file and add the following lines to it.

Subsystem sftp internal-sftp

Match Group sftpgroup
   ChrootDirectory /home
   ForceCommand internal-sftp
   X11Forwarding no
   AllowTcpForwarding no

Save and exit the file, then restart the sshd service so that the new changes take effect.

# systemctl restart sshd
OR
# service sshd restart
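
A Match block that sets ChrootDirectory but omits ForceCommand internal-sftp or the two forwarding settings restricts less than the block shown above. The following check is an added example, not part of the original article; the function name lint_chroot_blocks and the sample configuration (including the user "upload") are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the article. For every block of an sshd_config-style
# file that sets ChrootDirectory, report which of the article's restrictions
# the block itself lacks. Assumptions: whitespace-separated "keyword value"
# lines; inheritance from the global section is not modelled.
lint_chroot_blocks() {
    awk '
    function report() {
        if (chroot != "" && chroot != "none") {
            if (force != "internal-sftp") { print name ": ForceCommand is not internal-sftp"; bad++ }
            if (tcp != "no") { print name ": AllowTcpForwarding is not no"; bad++ }
            if (x11 != "no") { print name ": X11Forwarding is not no"; bad++ }
        }
        chroot = ""; force = ""; tcp = ""; x11 = ""
    }
    BEGIN { name = "(global section)" }
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    {
        key = tolower($1)                    # keywords are case-insensitive
        if (key == "match") {                # a new block ends the previous one
            report(); name = $0; sub(/^[ \t]+/, "", name); next
        }
        # the first value seen for a keyword wins
        if (key == "chrootdirectory" && chroot == "")      chroot = $2
        else if (key == "forcecommand" && force == "")      force = $2
        else if (key == "allowtcpforwarding" && tcp == "")  tcp = tolower($2)
        else if (key == "x11forwarding" && x11 == "")       x11 = tolower($2)
    }
    END { report(); exit (bad > 0) }
    ' "$1"
}

# Constructed sample: the first block matches the article, the second omits
# both forwarding settings and is reported.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Subsystem sftp internal-sftp
Match Group sftpgroup
   ChrootDirectory /home
   ForceCommand internal-sftp
   X11Forwarding no
   AllowTcpForwarding no
Match User upload
   ChrootDirectory /sftpusers/chroot/
   ForceCommand internal-sftp
EOF
lint_chroot_blocks "$sample" || echo "fix the blocks listed above before restarting sshd"
rm -f "$sample"
```

Running sshd -t before the restart additionally catches syntax errors in the real configuration file.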

If you chroot multiple users to the same directory, you should change the permissions of each user's home directory to prevent users from browsing each other's home directories.

# chmod 700 /home/tecmint

Now it is time to check the login from a local system. Try to ssh to the remote system from your local system.

# ssh tecmint@192.168.1.150

Here,

  1. tecmint - the username on the remote system.
  2. 192.168.1.150 - the IP address of the remote system.

tecmint@192.168.1.150's password: 
Could not chdir to home directory /home/tecmint: No such file or directory
This service allows sftp connections only.
Connection to 192.168.1.150 closed.

Then, access the remote system using SFTP.

# sftp tecmint@192.168.1.150
tecmint@192.168.1.150's password: 
Connected to 192.168.1.150.
sftp>

Let us check the current working directory:

sftp> pwd
Remote working directory: /

sftp> ls
tecmint  

Here, tecmint is the home directory. cd to the tecmint directory and create files or folders of your choice.

sftp> cd tecmint
Remote working directory: /

sftp> mkdir test
tecmint  

Restrict Users to a Specific Directory

In our previous example, we restricted existing users to the home directory. Now we will see how to restrict a new user to a custom directory.

Create a new group, sftpgroup.

# groupadd sftpgroup

Next, create a directory for the SFTP group and assign its ownership to the root user.

# mkdir -p /sftpusers/chroot
# chown root:root /sftpusers/chroot/

Next, create a new directory for each user, to which that user will have full access. For example, we will create the user tecmint and its new home directory with the correct group permission using the following series of commands.

# adduser tecmint -g sftpgroup -s /sbin/nologin
# passwd tecmint
# mkdir /sftpusers/chroot/tecmint
# chown tecmint:sftpgroup /sftpusers/chroot/tecmint/
# chmod 700 /sftpusers/chroot/tecmint/
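
At session start, sshd checks that every component of the ChrootDirectory path is a root-owned directory that is not writable by group or others, which is why /sftpusers/chroot is given to root above while only the per-user directory inside it belongs to the user. The following check of that rule is an added example, not part of the original article; the function names and the optional uid argument are assumptions introduced for illustration.

```shell
#!/bin/sh
# Added example, not from the article: check the rule sshd applies to a
# ChrootDirectory: each path component must be a directory owned by root
# and not writable by group or others.
# Assumptions: GNU stat (stat -c) as found on Linux. The optional uid
# argument (default 0 = root) exists only so the check can be tried by a
# non-root user on scratch directories.

component_ok() {    # component_ok DIR [UID]
    [ -d "$1" ] || { echo "$1: not a directory"; return 1; }
    uid=$(stat -c %u "$1")
    mode=$(stat -c %a "$1")
    rc=0
    [ "$uid" -eq "${2:-0}" ] || { echo "$1: owned by uid $uid, expected ${2:-0}"; rc=1; }
    # 022 = write bits for group and others; 0$mode is read as octal
    [ $(( 0$mode & 022 )) -eq 0 ] || { echo "$1: mode $mode is group/other writable"; rc=1; }
    return $rc
}

check_chroot_path() {    # check_chroot_path DIR [UID]
    # Resolve symlinks, then test DIR and every parent up to /
    dir=$(cd "$1" 2>/dev/null && pwd -P) || { echo "$1: cannot enter"; return 1; }
    fail=0
    while :; do
        component_ok "$dir" "${2:-0}" || fail=1
        [ "$dir" = "/" ] && break
        dir=$(dirname "$dir")
    done
    return $fail
}

# Usage: sh thisfile /sftpusers/chroot
if [ $# -gt 0 ]; then
    check_chroot_path "$@" || echo "sshd would refuse this ChrootDirectory"
fi
```

The per-user directory /sftpusers/chroot/tecmint is not part of the chroot path itself, so it is expected to be owned by tecmint and is not passed to this check.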

Modify or add the following lines at the end of the /etc/ssh/sshd_config file:

#Subsystem  	sftp	/usr/libexec/openssh/sftp-server
Subsystem sftp  internal-sftp
 
Match Group sftpgroup
   ChrootDirectory /sftpusers/chroot/
   ForceCommand internal-sftp
   X11Forwarding no
   AllowTcpForwarding no

Save and exit the file. Restart the sshd service to apply the saved changes.

# systemctl restart sshd
OR
# service sshd restart

That's it. You can check by logging in to your remote server over SSH and SFTP, using the login verification steps shown above.

Keep in mind that this method disables shell access, i.e. you cannot open a shell session on the remote system using SSH. You can only access the remote system via SFTP and transfer files between the local and remote systems.

Conclusion

Now you know how to restrict users' home directories using a chroot environment in Linux. If you find this useful, share this article on your social networks and let us know in the comment section below if there are any other methods to restrict users' home directories.