search

emberstack / docker-sftp

SFTP Server for Docker
MIT License
196 stars 51 forks source link

[Not a problem] Warning while creating user with ro folder binded on /home/user/sftp #18

Closed adripo closed 4 years ago

adripo commented 4 years ago

I created the user public inside sftp.json and binded the volume on docker run with this option -v /host/Public:/home/public/sftp:ro \

Please note the :ro option.

After running it, in the log of the container I find this exception

2020-05-14 22:18:38.292 [INF] (ES.SFTP.Host.Orchestrator) Processing user 'public'

2020-05-14 22:18:38.301 [DBG] (ES.SFTP.Host.Orchestrator) Creating user 'public'

2020-05-14 22:18:38.994 [DBG] (ES.SFTP.Host.Orchestrator) Adding user 'public' to 'sftp-user-inventory'

2020-05-14 22:18:39.127 [DBG] (ES.SFTP.Host.Orchestrator) Updating the password for user 'public'

2020-05-14 22:18:39.326 [WRN] (ES.SFTP.Host.Orchestrator) Exception occured while setting permissions for '/home/public/sftp' 

System.Exception: Process failed with exit code '1.

chown: changing ownership of '/home/public/sftp': Read-only file system'

   at ES.SFTP.Host.Business.Interop.ProcessUtil.QuickRun(String filename, String arguments, Boolean throwOnError) in /src/ES.SFTP.Host/Business/Interop/ProcessUtil.cs:line 42

   at ES.SFTP.Host.Orchestrator.PrepareUserForSftp(String username) in /src/ES.SFTP.Host/Orchestrator.cs:line 396

2020-05-14 22:18:39.448 [INF] (ES.SFTP.Host.Orchestrator) Starting 'sshd' process

Is there any other way to set a read only folder for a user? Am I doing something wrong?

winromulus commented 4 years ago

Hi @adripo - I need to check the code but if I remember correctly it skips the ownership change. You should still be able to access the folder if the user has access (depends on the source folder permissions). Have you tried connecting and seeing if you can access the contents?

adripo commented 4 years ago

Yes, I checked and everything work correctly. I was wondering if this is the right way to do it, or if I have to let the sftp folder writeable and bind my ro folder inside sftp. Would this be a better solution?

winromulus commented 4 years ago

@adripo No, if you just want the user to have RO access, that is the correct way because otherwise you will disclose what the other users have in their homes. I'll see if in the new version I can include a more comprehensive message.

adripo commented 4 years ago

Thank you!