Netgate Discussion Forum

    Privilege "User - System: Copy files to home directory (chrooted scp)"

      namezero111111

      Good day,

      We are trying to enable a user to connect to pfSense via SFTP (or SCP) and copy a file FROM their home directory.
      In 2.3+, there is a user privilege "User - System: Copy files to home directory (chrooted scp)".

      However, assigning this by itself and connecting doesn't work; in the System log the following appears:

      Dec 3 17:40:19 scponly 67159 failed: /usr/libexec/sftp-server with error No such file or directory(2) (username: testuser(2000), IP/port: xxx.xxx.xxx.xxx 50690 22)

      Ok, so in the privilege there is a cryptic reference to the following:

      Warning: Manual chroot setup required, see /usr/local/etc/rc.d/scponlyc

      I opened the file, but it doesn't explain how to do this chroot setup.

      I found the following information regarding all this:

      Add the following lines to /etc/rc.conf to enable scponly:

      scponlyc_enable (bool):   Set to "NO" by default.
                                Set it to "YES" to enable scponly
      scponlyc_shells (str):    Set to "/etc/shells" by default.
      scponlyc_passwd (str):    Set to "/etc/passwd" by default.

      To setup chroot cage, run the following commands:
        1) cd /usr/local/share/examples/scponly/ && /bin/sh setup_chroot.sh
        2) Set scponlyc_enable="YES" in /etc/rc.conf
        3) Run /usr/local/etc/rc.d/scponly start

      So my questions are:
      a) whether this is the right way to grant SFTP/SCP read-only access to the home directory, and
      b) whether there is a better way.

      Any help would be appreciated.

        luisenrique @namezero111111

        @namezero111111 Now in 2023 I wanna know too... I have the same questions... any advances?

          stephenw10 Netgate Administrator

          What exactly are you trying to do?

            luisenrique @stephenw10

            @stephenw10
            https://forum.netgate.com/topic/181276/add-user-and-enable-chroot-ssh-scp-access

              rcfa

              FYI, here are the results of my investigation:
              https://forum.netgate.com/topic/185794/there-s-absolutely-no-useful-documentation-on-user-system-copy-files-to-home-directory-chrooted-scp/6
              Any improvements (and I wish there are) are welcome!
