Add a new FTP-User - just with one Directory

Hello,

I’m very Happy with my Raspberry Pi, running OSMC. Great Work by the Developers!

Just installed the FTP Server from the OSMC App Store and it works great. But logging in as user osmc is a little bit too risky for my kids…

Can you please help me to add an FTP user who can access just one directory (on external hdd)? The user should not get a shell.

Hope you can help me.

Greets Lars

This is how I did it:

First I created the homefolder for the user “kids” on the mounted external drive
sudo mkdir /mnt/disc1/kids

Made sure the “/usr/sbin/nologin” was in /etc/shells
sudo nano /etc/shells

Created the user, with no login
sudo adduser --home /mnt/disc1/kids --shell /usr/sbin/nologin kids

Changed owner and filerights on home folder:
sudo chown kids.kids /mnt/disc1/kids
sudo chmod 777 /mnt/disc1/kids

Restart the ftp-server:
systemctl restart vsftpd

There are other solutions, with virtual users and such. But I thought this was a simple solution.

Hello,

I’ve tried your process and failed on my PI2

Using sftp locally I got a ‘permission denied, please try again’ error; remotely with FileZilla, Authentication failed…

not sure where I missed something, as it should be straightforward.
I used /home for creating the user
BTW, using the default osmc login (I changed passwd) it works fine, with the big issue of being able to browse all folders (:blush: of course I’d like to avoid this …

Olivier

should be

sudo chown kids:kids /mnt/disc1/kids

a typo from my side, and the path “/mnt/disc1” is where I mount my external drive, you might have another mount point.

Many thanks for your reply, making progress…
by changing in /etc/passwd “/usr/sbin/nologin” to “/bin/bash” it works…but I can navigate to the whole folders contents (: , user is not jailed of course, and this is not what I want (who will?)

just to be sure, could you please share the vsftpd.conf file content?
currently I renamed it, assuming vsftpd will use default values then

I made several changes before landing here, so I may have to use either a default setup or a similar one to yours to get it working.

BTW, I’m using sFTP and not basic FTP
BTW2: ls -al on the shared folder is remaining to osmc:osmc, even if no error when using sudo chown, strange…[EDIT] this is an NTFS formatted disk, probably the issue?

Olivier

Have you added “/usr/sbin/nologin” in /etc/shells? I had login problems with “kids” ftp-login before I added it to /etc/shells.

My passwd file:
kids:x:1001:1001:,:/mnt/disc1/kids:/usr/sbin/nologin

File rights on kids home dir.
drwxrwxrwx 2 kids kids 4096 Dec 14 03:20 kids

Now that I tested if they were locked in home dir, they were not. Fixed this tho:

nano /etc/vsftpd.chroot_list
(add the user name of your locked user)

Add these two lines in vsftpd.conf:
chroot_list_enable=YES
allow_writeable_chroot=YES

Regarding SFTP, I didn’t test it, but googling a bit shows that sftp and /usr/sbin/nologin don’t work. Trying to find a solution now.

Many thanks Joakim for your involvement !

yes, I did put “/usr/sbin/nologin” in /etc/shells

I’m sure we will succeed to get it working…

I believe this should be interesting for other users to share some folders with their family (pictures & private videos) through sFTP as secure as possible, without using social networks too

Olivier

I’ve managed to make it possible for user kids to sftp in, but as soon as I try to limit the user to its home directory it farks up.

This is what i did:

sudo nano /etc/ssh/sshd_config

This is VITAL, else your sshd will stop working and no ssh login.
Locate and comment out the following line:

Subsystem sftp /usr/lib/openssh/sftp-server

then add the following lines at the end of the file:

Subsystem sftp internal-sftp
Match user kids
#ChrootDirectory %h
ForceCommand internal-sftp

Hello,

Wao, great improvement indeed !

I’m now able to connect and land on the right folder :slightly_smiling:

and like you, user is not jailed, he can browse everywhere, we are pretty close

many thanks,

Olivier

PS: I just posted a new subject about changing rights on the USB drive to root (it sticks to osmc), as I guess this could be the issue:

Most likely the user rights are the problem, since I finally solved it on my ext4 formatted drive.

From googling this issue a lot, the answer was the same all the time: root must be owner of the folder and no write access to anyone else.

I tried it lots of times and didn’t get it to work, until I looked at the mountpoint of my external disc /mnt/disc1. It was write enabled for world, which broke the “only root writeable” in chroot environment.

So this is how I did it:
sudo -s
chown root:root /mnt/disc1
chmod 755 /mnt/disc1
chown root:root /mnt/disc1/kids
chmod 755 /mnt/disc1/kids
exit

and voila it worked.

I tried to apply this on a folder located on the sdcard, /home/user and it doesn’t work

for this I start process from scratch with a brand new user, still I’m able to browse all folders

I’m using FileZilla, are you using the same client?

Olivier

Have you removed the # before #ChrootDirectory %h, in sshd_config?

Yes I’m using FileZilla.

well done !
by uncommenting this line it works perfectly within the sdcard partition !

now I have to find how to manage my external NTFS USB disk, most probably I’ll format it

many thanks for your help

Before you format the drive try this to get your pictures browseable to sftp:

sudo mkdir /home/user/pictures
sudo mount --bind /mnt/yourusb/picturefolder/ /home/user/pictures

Change the paths to match your system.

If this works, you have to do this every reboot or make an addition to your fstab.

Good luck

chown root:root on /home/user/pictures doesn’t work, rights remain to osmc:osmc

I’ll backup my drive and format it from console using ext4, I know for accessing it from Windows I’ll have to install some utility, but as its content is visible from the network, not sure I’ll do this often…

thanks again,
Olivier

I only used that utility mentioned in the other thread once or twice, when moving huge libraries of mp3 and video files from my sons’ births (4 boys, a whole lot of footage).

The rest i do via samba mostly.

Hello,

so I now have my USB disk formatted in ext3, by Debian, rights elevated to root:root and still it’s not working.

I even created a brand new user (invite) and same result, even with exactly the same rights as the user who is linked to the folder located on the SD Card . But only this one works(olivier)
This is the only visible difference I can see.

Here is a recap

/etc/passwd

olivier:x:1002:1002:,:/home/olivier:/usr/sbin/nologin
external:x:1001:1001:,:/media/Tera II/FTP:/usr/sbin/nologin
invite:x:1003:1003:,:/media/Tera II/FTP:/usr/sbin/nologin

/etc/ssh/sshd_config

if I change the value of
Match user
to external or invite, I can connect to one but not the other, but both alternatively are not jailed to their home directory.
to olivier, this user can be jailed

folders:

osmc@framboise:/home$ ls -al
total 16
drwxr-xr-x 4 root root 4096 Feb 1 19:33 .
drwxr-xr-x 24 root root 4096 Jan 30 08:37 ..
drwxr-xr-x 2 root root 4096 Feb 1 20:54 olivier
drwxr-xr-x 9 osmc osmc 4096 Feb 2 13:18 osmc
osmc@framboise:/home$

osmc@framboise:/media/Tera II/FTP$ ls -al
total 24
drwxrwxrwx 5 root root 4096 Feb 2 11:58 .
drwxrwxrwx 8 root root 4096 Feb 2 17:01 ..
drwxr-xr-x 2 invite invite 4096 Feb 2 11:12 E
drwxr-xr-x 2 invite invite 4096 Feb 2 12:34 Q
drwxr-xr-x 2 invite invite 4096 Feb 2 11:58 S
-rw-r--r-- 1 external external 7 Feb 2 07:41 o
osmc@framboise:/media/Tera II/FTP$

as you can see, I was able using invite FTP login to store some files

Desperately I even tried to edit /etc/passwd and change home directory for olivier (the working one) from the sd card to the USB disk: no way (:slightly_smiling:

I probably missed some key point but can’t understand why it works on the SDCard and not on the USB disk now it’s formatted as ext3

Olivier

First, do you want to have multiple logins? Then we have to make a group and add the users to that group and use “Match group” instead of “Match user” in sshd_config.

My first thought:

  • check the whole path, every directory before “home folder” and home folder, that the owner is root:root and the file rights are 755 (rwxr-xr-x)

so /media should be root:root and drwxr-xr-x
/media/Tera II should be root:root and drwxr-xr-x
/media/Tera II/FTP should be root:root drwxr-xr-x

If that is so, Chroot %h in sshd_config should work. And the user should be jailed to that folder
(it looked like your FTP directory was 777, root:root drwxrwxrwx)

If you want to upload via SFTP, you have to make a folder in /media/Tera II/FTP, like:
sudo mkdir upload
sudo chown invite:invite upload
sudo chmod 777 upload
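
Added example (not part of the original posts): a POSIX shell audit of the rule discussed in the posts above, that every directory from / down to the ChrootDirectory must be owned by root and not writable by group or others. The function names are hypothetical, it assumes GNU stat as shipped on Debian/OSMC, and the usage path is the one quoted in the thread.

```shell
#!/bin/sh
# Added example: audit every component of an sshd ChrootDirectory path.
# sshd refuses the chroot unless each directory from / down to the target
# is owned by root (uid 0) and not writable by group or others.
# Needs GNU stat (standard on Debian/OSMC). Symlinks are not resolved.

# Print "/" and each ancestor of an absolute path, one per line.
ancestors() {
    case $1 in /*) ;; *) echo "need an absolute path" >&2; return 2 ;; esac
    p=${1%/}
    list=""
    while [ -n "$p" ] && [ "$p" != "/" ]; do
        list="$p
$list"
        p=$(dirname "$p")
    done
    printf '/\n%s' "$list"
}

# $1 = owner uid, $2 = octal mode as printed by `stat -c %a` (e.g. 755, 1777)
component_ok() {
    [ "$1" -eq 0 ] && [ $(( 0$2 & 022 )) -eq 0 ]
}

# Report every component; return 0 only if all of them pass.
audit_chroot() {
    dirs=$(ancestors "$1") || return 2
    rc=0
    # Read line by line so names with spaces ("Tera II") stay intact.
    while IFS= read -r d; do
        info=$(stat -c '%u %a' "$d") || { rc=1; continue; }
        if component_ok "${info% *}" "${info#* }"; then
            echo "ok    $info  $d"
        else
            echo "FAIL  $info  $d  (want uid 0, no g/o write)"
            rc=1
        fi
    done <<EOF
$dirs
EOF
    return "$rc"
}

# Usage: sh audit_chroot.sh "/media/Tera II/FTP"
if [ "$#" -gt 0 ]; then audit_chroot "$1"; fi
```

A FAIL line on any parent directory (for example a 777 mount point) is enough for sshd to reject the chroot, even when the final directory itself is root:root 755.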

Hello,

you know what ?

it eventually works :grinning:

I uninstalled and reinstalled ssh from OSMC store, redid the complete process from scratch…and happy!

many thanks for your support, I hope this thread will be helpful for others

Olivier