Based on the following >> The weird thing is that two of them get the same login error message >> and a third gets something different. >> Here are the errors: >> "FTP Error...Cannot open remote folder pac-2013/ Access Denied." >> And the other login error: >> "There is no site name "whatever the home directory location is for >> the user". It sounds like you have a couple of problems, the first being that the folder 'pac-2013' (wherever that is in the file structure) has been created with permissions that the user trying to access it doesn't have. If other users can access this OK, then check that the user in question is a member of the same groups (facility-staff, www and sftp) If other users cannot access this then check the permissions of the group this directory is owned by and the file permissions on the directory. The second error tends to be an incorrectly setup user. "no site name" seems a little weird though, but it could be that the user shell (?) has been incorrectly set. Looking at your two useradd commands neither will work based on your current openssh setup if it's been updated via yum. > 1.) useradd -d /var/www/html/faculty-staff -s > /opt/openssh/libexec/sftp-server -g sftp -G www,faculty-staff username This would work, but sets everyones home directory to the same thing and then sets the shell to the sftp-server under opt which may or maynot still exist. What you may find is different sshd processes calling different sftp-servers might cause problems, or produce unexpected results. > 2.) useradd -m -k /var/www/userSkel -G faculty-staff,www -g sftp -s > /usr/libexec/openssh/sftp-server -d /var/www/html/faculty-staff/username This seems almost an solaris type way of doing things. (-m tends to be implied in linux) however, this command will fail as you don't actually add the 'username' to the end of the command. Running htis would probably produce an error, yet the next command (cp -ir) would make it appear that the user was created. > And then the next command: cp -ir /var/www/userSkel/* > /var/www/html/faculty-staff/username what you may want to do as well is check that the old version of ssh was the same and look for any weirdnesses in its config files - a good thing here, is that it appears they set the install root to /opt/openssh, so I'd look in that directory for a start. Look for say, /opt/openssh/sbin and see if there is an sshd file there, then run it with sshd -V, this will return a syntax line, but the first part should tell you the version. One thing to be aware of is that some of the newer (than redhat 5) sshds introduced better chroot support, and this might be a reason to have installed their own version of sshd outside the package management system. However, they should have put it into an ignore list as far as updates went as well, and even better - compiled their own openssh package. You can check this by looking for chroot options under /opt/openssh/etc/sshd_config (post back if unsure what you should be looking for) The neat thing is - if this is the case, then the compiled version living under /opt/openssh can probably just be restarted, but this will also depend on how they setup the start/stop scripts. an easy way to test this is (WARNING: MAKE SURE YOU DO THIS FROM THE CONSOLE AS YOU CAN KILL REMOTE SESSIONS CUTTING YOURSELF OFF FROM THE SERVER) Kill the currently running sshd # /etc/init.d/sshd stop Start the /opt/openssh version # /opt/openssh/sbin/sshd Then try logging in to see if it all works as expected. (the # indicates that you should do this as root by the way, typing the # will simply cause your shell to ignore what you type) If this fixes things then let us know and we will then explain how to set this to start on boot and add ssh to the yum updates ignore list so you don't have this problem again. On Sat, May 11, 2013 at 1:21 AM, <m.roth@xxxxxxxxx> wrote: > Constance Morris wrote: > > From: redhat-list-bounces@xxxxxxxxxx > > [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of m.roth@xxxxxxxxx > > Constance Morris wrote: > >> [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of m.roth@xxxxxxxxx > >> Constance Morris wrote: > >>> [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of m.roth@xxxxxxxxx > >>> Constance Morris wrote: > >> <snip> > >>>> problem last week with having started these updates then stopped > >>>> them mid-stream when some of our professors could not ssh to the > >>>> webserver using Expression Web software via SFTP? > <snip> > >>> The weird thing is that two of them get the same login error message > >>> and a third gets something different. > >>> Here are the errors: > >>> "FTP Error...Cannot open remote folder pac-2013/ Access Denied." > >>> And the other login error: > >>> "There is no site name "whatever the home directory location is for > >>> the user". > >> > >> The latter tells me that this user does not have it configured, and I > >> assume, possibly wrongly, that one of youse guys needs to go into > >> wherever you manage users and set it up for him. It also leads me to > >> suspect that the other two users are misconfigured. > >> > >> Yup. I just googled on Web Expression configure sftp, and found this > >> link: > >> <http://msdn.microsoft.com/en-us/library/cc295154%28v=expression.30%29 > >> .aspx> Someone needs to go there and check those three users' > >> configurations. > <snip> > > Hmmm... I just googled Expression Web, and found the wikipedia entry, and > > see that it's client-only, that there's no setup on the server side, > which > > is what I was thinking there was. Is this stuff installed on each user's > > machine? If so, I think someone (you? the other guy?) needs to go over to > > the three people, and go through their configuration of the tool. > >> > Going back to that site, I see "change publishing destination" > instructions, and I more think that someone needs to go to sit with them. > > >> May I impose upon you one more time? > >> My 2 predecessors left me two different commands in setting up new > >> users and their directories on the server for expression web access. > >> I'm going to list both and do you mind looking over them and giving me > >> your opinion? > >> I've used both to create test users and directories to try and resolve > >> this login issue for expression web, but neither are working for me, > >> so I'm either doing something wrong or missing something. > >> > >> 1.) useradd -d /var/www/html/faculty-staff -s > >> /opt/openssh/libexec/sftp-server -g sftp -G www,faculty-staff username > >> > >> * Now, I know you or Robert mentioned last time that it should really > >> be /usr/libexec/openssh/sftp-server instead of the > >> /opt/openssh/libexec.... > >> > >> 2.) useradd -m -k /var/www/userSkel -G faculty-staff,www -g sftp -s > >> /usr/libexec/openssh/sftp-server -d /var/www/html/faculty-staff/username > >> And then the next command: cp -ir /var/www/userSkel/* > >> /var/www/html/faculty-staff/username > > > > Constance, *do* read man useradd. That will show you that the latter, in > > your case, is probably better, since *if* /var/www/userSkel is populated > > correctly, this will set up your users' home directories with the > > necessary configuration files, like .bash_profile, .bashrc, and > presumably > > the ~user/.ssh directory and contents. Note that it says clearly, in the > > man page, for the -k flag, that it does everything that the cp does, and > > better. > > > > Oh, and IIRC, you're new to Linux and/or sysadmin, so remember that you > > can also man man.... (read the manpage for man) <g> > > > > Thanks Mark. > > I did read over the useradd man page before writing you, but I wanted to > > make sure I was understanding things correctly. However, I did not know > > there was a manpage on man. :-) > > Yeah, when someone throws that at you - which is what always happens, and > it's always sort of an in joke. > > > I will try the other suggestions you made and thanks again. > > Have a great weekend! > > You, too. > > mark > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list > -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
