In 2016’s first update, we’ve now included an option in Xftp that allows you to specify a custom SFTP server.
If you require elevated privileges to access the sftp-server, you can use one of the following methods to gain the privileges of another user:
- sudo: Use the sudo command to gain elevated privileges of another user
- setuid: Use the setuid bit to gain elevated privileges of another user
Use the sudo Command to Gain Elevated Privileges of Another User
First, you’ll have to edit the /etc/sudoers file. The NOPASSWD and Defaults !requiretty settings are required.
# vi /etc/sudoers
...
#Defaults requiretty      <= comment out this line, or add the line below
Defaults !requiretty
...
User_Alias ADMINISTRATOR = user1, user2, ...
ADMINISTRATOR ALL=(ALL) NOPASSWD:/path/to/your/sftp-server
...
You must specify the full path and file name of your sftp-server in place of ‘/path/to/your/sftp-server’. Most OpenSSH servers have their own sftp subsystem. You can find out the path and file name using the following command:
# cat /etc/ssh/sshd_config |grep sftp
Subsystem sftp /usr/libexec/openssh/sftp-server
The default sftp-server locations are as follows:
CentOS: /usr/libexec/openssh/sftp-server
Ubuntu: /usr/lib/openssh/sftp-server
Now you can specify the sftp-server within Xftp. Select the SFTP protocol in Xftp’s session properties. Click the Setup button and check the “Use custom SFTP server” option. Enter the sudo command followed by the path to the sftp-server.
Use the setuid Bit to Gain Elevated Privileges of Another User
After determining which sftp-server you will use, you can set the setuid bit.
# cp /usr/libexec/openssh/sftp-server /home/test
# cd /home/test
# chmod u+s sftp-server
# ls -l sftp-server
-rwsr-xr-x. 1 root root 63544 2016-01-06 16:53 sftp-server
Now you can specify the sftp-server within Xftp. Select the SFTP protocol in Xftp’s session properties. Click the Setup button and check the “Use custom SFTP server” option and enter the path to your sftp-server.
Notes & Cautions
setuid is an access rights flag that allows users to run a file with the permissions of the file’s owner. If the user who owns the file is root, extra precautions are required.
If root privileges are required to use the sftp-server, it’s in your best interest to only allow a specific group to utilize the service.
# groupadd admin
# usermod -a -G admin test
# id test
uid=501(test) gid=501(test) groups=501(test),502(admin)
# ls -l /home/test/sftp-server
-rwsr-xr-x. 1 root root 63544 2016-01-06 16:53 sftp-server
# chgrp admin /home/test/sftp-server; chmod o-rx /home/test/sftp-server
# ls -l /home/test/sftp-server
-rwsr-x---. 1 root admin 63544 2016-01-06 16:53 sftp-server
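To confirm that the lockdown shown above is still in place, the following shell function is an added example (not part of the original article or of Xftp). It assumes GNU stat, and the function name check_setuid_helper is hypothetical.

```shell
#!/bin/sh
# Added example: audit a setuid sftp-server copy against the group lockdown
# shown in "Notes & Cautions". Assumes GNU stat (coreutils).
# Usage: sh audit.sh /home/test/sftp-server root admin

# check_setuid_helper FILE OWNER GROUP  (hypothetical name)
# Prints one line per finding; returns 0 only when nothing is wrong.
check_setuid_helper() {
    file=$1 want_owner=$2 want_group=$3
    rc=0

    # A symlink could later be pointed at a different binary.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "FAIL: $file is not a regular file"
        return 1
    fi

    # %a = octal mode, %U = owner name, %G = group name
    set -- $(stat -c '%a %U %G' "$file")
    mode=$1 owner=$2 group=$3
    other=${mode#"${mode%?}"}                 # last octal digit
    rest=${mode%?}; grp=${rest#"${rest%?}"}   # second-to-last digit

    [ "$owner" = "$want_owner" ] || { echo "FAIL: owner is $owner, expected $want_owner"; rc=1; }
    [ "$group" = "$want_group" ] || { echo "FAIL: group is $group, expected $want_group"; rc=1; }

    # Exactly the setuid bit: four digits with a leading 4 (no setgid/sticky).
    case $mode in
        4???) ;;
        *) echo "FAIL: mode $mode is not setuid-only"; rc=1 ;;
    esac

    # Others must have no access at all (the effect of chmod o-rx above).
    [ "$other" = 0 ] || { echo "FAIL: others have access (mode $mode)"; rc=1; }

    # Group members may execute the binary but must not be able to replace it.
    case $grp in
        2|3|6|7) echo "FAIL: group can write to $file (mode $mode)"; rc=1 ;;
    esac

    [ "$rc" -eq 0 ] && echo "OK: $file is $mode $owner:$group"
    return "$rc"
}

if [ "$#" -eq 3 ]; then
    check_setuid_helper "$@"
fi
```

Run it after package updates or permission changes; any FAIL line means the binary no longer matches the restricted state.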