FTP From Local Desktop to Server As Sudo User - linux

I have a file on my desktop that I need to FTP to a server. As I've been navigating this server, I need to login with initial credentials to access the box and then needed to run sudo -u [username] ksh to access the folder I need. (No password)
In Filezilla however, I only enter credentials once and therefore, don't have the option to sudo as the user and get permissions to the folder.
Am I going about this process wrong and if so, what's the usual way to do this?

There is no way to switch user on the ftp protocol. You need to know the correct credentials in the first place.
The closest you could come would be to ftp the files to a directory you do have access to, log in with a shell, and then move the files using shell commands after switching user.

Related

It possible to run command with web access to files?

Have a Linux server with OpenAFS and access to / files.
Access is read-only and like user privileges (ex. can read /etc/passwd, but can't read /etc/shadow).
It possible to run command? With /bin/bash for example?
And, on server have sshd service, but don't have rights to /root/.ssh/id_rsa
Any ideas?

ftp -s:filename login error

I'm trying to ftp files from a windows computer to a Linux server (Redhad 6.1 with vsftpd). I can successfully login from the windows computer using:
ftp *servername*
and entering my credentials. However I need to ftp to the server and place a file in a directory because the users in the company will only have control of placing the file needed on the server. I am using the
ftp -s:filename.ftp *servername*
command and get an error during the login:
530 Login incorrect.
Login failed.
here is the code in the filename.ftp file:
user *username* *password*
sudo cd /dbx2/ekiexport
bi
put myfile.csv
bye
I have even tried:
user *username* pass *password*
sudo cd /dbx2/ekiexport
bi
put myfile.csv
bye
I know I can just ftp to the server to place the files there myself, but I need the users to run the script when they need to access the file. That's why I need to use the ftp -s:filename

Using SCP command to download files from Linux server to client server

I'm creating files on a Linux server that I'm logged into and I'm adding the ability for the user to download these files from the Linux server on to the connecting computer. I'm writing a scrip and using the scp command to download these files:
scp data.txt user#usraddress:/home/usr
However, I don't want to specify "user#usraddress:/home/usr" to be just my computer. I want whoever is logged onto the linux server to be able do download these files. Is there a way to get the address of the connecting computer?
How would I do this?
Forgive me if this seems elementary, I'm very new to scripting.
When you open a remote session in a GNU/Linux machine, the ssh server sets the environment variable SSH_CONNECTION with some connection information. You can use this variable and the $USER variable to fill that parameters:
scp data.txt $USER#${SSH_CONNECTION%% *}:/home/$USER
Note that as far as I know you couldn't assume the client home directory is at /home. As said by chepner, you could omit the destination directory to use the default location, the home directory.
scp data.txt $USER#${SSH_CONNECTION%% *}:

Updating WordPress with SSH (Cent OS)

I am new to SSH and Linux and I hope someone can help. I am working on a site with a dedicated server (VPS) and I am also working with WordPress. I used SSH to log into the site's files with Cyberduck (I've also used FileZilla successfully) and install WordPress on the server.
The problem I'm having now is that I can't edit or add any plugins or files on WordPress because WordPress doesn't have access to the site's FTP which is standard. It asks for credentials and when I attempt to enter them into the WordPress dashboard, it doesn't work. There is an option for FTP and there is an option for FTPS (SSL). I know these are different than SSH but I tried the SSH credentials anyway and obviously they didn't work.
I then logged into the SSH through Mac Terminal and did the instructions here:
1. Login as root through SSH.
2. Next add the user account you want using the 'useradd' command
useradd <username>
3. Now create a special group for that user.
groupadd <groupname>
4. Now to add the user to the group
gpasswd -a <username> <groupname>
5. Change the group ownership of the special directory to that group.
chgrp -R groupname
/path/to/your/web/directory
6. Enable write permissions
chmod -R g+rw
/path/to/your/web/directory
And it worked. I was able to add a new user (and I could confirm this by looking at the /etc/passwd file). I then logged out and tried to log in with Cyberduck using the new credentials and setting it to FTP (instead of SSH) and it didn't work. It did however work to log in with SSH with the new user credentials. So it seems I can successfully add a new SSH user but not a new FTP user.
I need the user to be FTP so I can hook WordPress up and begin editing. How do I specific the user to be FTP as opposed to SSH? Thanks for any help!
I've found an answer to my question and figured I'd document here for anyone else who runs across this issue. It's surprisingly easy.
Just go to this link and download the plug-in:
http://wordpress.org/plugins/ssh-sftp-updater-support/
You obviously have to upload this straight into your WordPress directory in the SFTP (/wp-content/plugins) in order for it to work correctly since it won't work from within the WordPress dashboard.
Once those files are there, when WordPress prompts you to login to your 'FTP' it will have an option for SSH which you can select and log-in. Voila!

what permissions should jenkins have to execute shell-commands without being insecure?

I have a script (test.sh) on a local server, which works fine when executed in a terminal. The script removes a directory, and recreates a directory local. It then connects to a remote server using "ssh -i $private_key .." and copies a file there.
When I execute this script in jenkins with
sh test.sh
it doesnt work. I get the following errors:
rm: .. Permission denied
mkdir: .. Permission denied
Warning: Identity file /.ssh/private_key not accessible: Permission denied.
Jenkins is on the same server as the script.
I see that Jenkins is another user and cant do everything that I'm doing as root; how can I set the permissions without losing all security. Especially in case of the private_key, it would be silly to set the permissions to easy - it is currently set to 600 (read and write permission for the owner) and the owner is root.
The whole point of setting the private key's permissions to 600 is that no other user should be able to access it. If you have placed the keys in another user's home directory (/home/anotheruser/.ssh), then neither the Jenkins user, nor anyone else (except root) will be able to access it. This is as designed.
If you want your Jenkins user to be able to use the private key, copy it over to the jenkins users home directory as well (/home//.ssh).
Also, if you are trying to delete/create directories in some other user's directory as the Jenkins user without providing permissions, you will get a permissions error. This is because of security. The only way to allow this is the allow the Jenkins user to make changes to those directories.
One safe option is to add the Jenkins user to the same group as the other user. Once you do this, set the permissions on the directories you want to read from and write to, to allow anyone in the user's group to make changes.
rwxrwx---
The above permissions will allow the owner of the folder and any other users in the same group to make changes, but will not allow anyone else. This is safe, since you control who is part of the other user's group.
EDIT
It looks like your error has changed, though. You're not getting permission denied any more. Can you still do it through terminal? The reason (I think) it is saying that the host key verification has failed is because your key was originally created for the other user. I realise I said to do this in the answer above, but it is not the right way.
As the jenkins user, can you run the following commands:
ssh-keygen (say yes or agree if it asks if you want to replace your current keys)
ssh-copy-id -i ~/.ssh/id_rsa.pub remoteuser#remote_server
ssh remoteuser#remote_server
If this works, try your script through the terminal, and then through jenkins again...

Resources