<div dir="ltr"><div>Mark,</div><div><br></div><div>You're absolutely correct and I apologize for my behavior </div><div>It's been a stressful several weeks</div><div>I was out of line and I apologize</div><div><br></div><div>In the future, if the need arises, I will seek to hire you for your expertise</div><div>Sorry again</div><div><br></div><div>Scott</div><div><br></div></div><br><div class="gmail_quote"><div class="gmail_attr" dir="ltr">On Wed, Mar 27, 2019 at 6:32 AM Fairlight via Filepro-list <<a href="mailto:filepro-list@lists.celestial.com">filepro-list@lists.celestial.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid">On Tue, Mar 26, 2019 at 09:25:42PM -0400, <a href="mailto:scooter6@gmail.com" target="_blank">scooter6@gmail.com</a> thus spoke:<br>
> Well I'm glad I could piss you off<br>
<br>
-Wrong answer-, especially from someone who saw fit to bother me -in<br>
private-, off-list, TEN times with their problems, without offering to<br>
compensate me:<br>
<br>
81 + Mar 24 scooter6@gmail. ( 6.9K) └─&─><br>
82 + Mar 24 scooter6@gmail. ( 7.6K) └─><br>
83 r + Mar 24 scooter6@gmail. ( 9.0K) └─><br>
85 r + Mar 25 scooter6@gmail. ( 16K) ├─&─><br>
87 r + Mar 25 scooter6@gmail. ( 34K) │ └─&─><br>
89 r + Mar 25 scooter6@gmail. ( 70K) │ └─&─><br>
91 + Mar 25 scooter6@gmail. ( 137K) │ └─&─><br>
92 r + Mar 25 scooter6@gmail. ( 140K) │ └─><br>
94 + Mar 25 scooter6@gmail. ( 255K) │ └─&─><br>
95 + Mar 24 scooter6@gmail. ( 9.9K) └─><br>
<br>
...until I mentioned that anything further would need to be paid<br>
work because you were taking time away from other clients. Then you<br>
mysteriously went radio silent after saying, "I understand. I'll reach out<br>
if it comes to that." Until dragging Yet Another *nix 101 question back to<br>
a non-*nix community, with an issue wholly unrelated to filePro.<br>
<br>
Learning all the wrong lessons, and unable to take a hint, I see.<br>
<br>
For my part, you're done. Being a jerk and just using me for a couple<br>
days, giving an up-to-the-second ongoing tally of your repeated failures<br>
in systems administration in private for which I never asked and without<br>
compensation, and seeking further help under the same terms was one thing.<br>
I stopped that in its tracks by mere -mention- of the word 'money', which<br>
speaks volumes.<br>
<br>
Being a -complete- dick and saying you're -glad- you could piss me off?<br>
Really? Let's just say you'll -better- have a checkbook in hand if you<br>
ever contact -me- off-list again for -any- reason, quite possibly including<br>
previously complimentary product support for my software, the way you just<br>
tried pulling that guilt trip (which utterly and spectacularly failed, by<br>
the way), and attempting to make me look like the bad guy when you're the<br>
one who's been taking advantage, both publicly and privately.<br>
<br>
It's one thing to persist in what you were doing with OT stuff before.<br>
It's quite another to unsolicitedly take it private, persist without<br>
offering remuneration (professionally rude, not to put too fine a point on<br>
it), take it to the point you have to be shut down so I can get a moment's<br>
peace and do my actual paying work for paying clients, and then bring it<br>
-back- to the list because you just trashed your goodwill with the person<br>
you were privately using behind-the-scenes -- with yet -another- wholly<br>
non-filePro problem, no less. <br>
<br>
Yeah, I'm going to call you on it. Damned straight, Skippy. And not that<br>
I actually -need- someone to back me on it, but someone just wrote me<br>
privately saying they feel I'm actually in the right -before- seeing this<br>
current response, and they didn't even know about the private thread you<br>
kept going. Well, they do now. :) (At this point, the intelligent person<br>
would figure out they've stepped in it, and just quietly stand down.<br>
We'll see how bright you are.)<br>
<br>
As Paul Harvey used to say, now people know the -rest- of the story.<br>
<br>
Nice try, but perhaps you should rethink your behaviour before taking a pot<br>
shot guilt trip at me or the community. You don't exactly have the high<br>
moral ground from which to debate the issue. You want to go on about<br>
'community', try treating it as such, rather than as unpaid labour.<br>
<br>
Have fun, and good luck with that C7 box!<br>
<br>
"Shutdown complete."<br>
<br>
mark-><br>
<br>
<br>
> Next time I won't start my post with OT unless it involves a joke<br>
> thanks for your time and input<br>
> As I said, I mimicked my setup that worked for me on 5.10 but for some<br>
> reason complains with the exact same setup on centos 7<br>
> I know sftp works out of the box on centos 7 - but these users should<br>
> be jailed and not able to navigate around other than to their<br>
> 'attachments' directory- they drop off files and that's it....<br>
> I'll look at my configuration again and see if everything is in order<br>
> moving forward I'll make sure I have my checkbook in hand when asking<br>
> for any assistance from this 'community'<br>
> <br>
> On Tue, Mar 26, 2019 at 9:11 PM Fairlight via Filepro-list<br>
> <[1]<a href="mailto:filepro-list@lists.celestial.com" target="_blank">filepro-list@lists.celestial.com</a>> wrote:<br>
> <br>
> This is way outside the scope of filePro. For that matter, so was the<br>
> mail stuff last week.<br>
> At this point, you've come to the filePro list for a good percentage of<br>
> what should be Linux 101 and done within the scope of a CentOS community,<br>
> asking us to help set up your new box. While it's been a form of cheap<br>
> amusement to watch you go on this journey, that benefit has outstayed its<br>
> welcome, at least for me. In fact, it's annoying the hell out of me,<br>
> because you should be either researching your problems, or paying someone<br>
> to do it. As someone who does systems administration for a living, I<br>
> can say I'm quite irked on principle to see you repeatedly trying to get<br>
> something for nothing in terms of systems administration. It's like going<br>
> to a professional car mechanics' retreat without being a professional<br>
> mechanic yourself, and trying to get your car fixed for free. Insulting<br>
> doesn't quite do it justice.<br>
> At the -very- least, you should be leaning on a community actually focused<br>
> on the platform at hand.<br>
> Respectfully, I would suggest you either hire someone who can get it<br>
> done, or find a community better suited to handling the *nix-specific<br>
> issues you keep running into which are wholly unrelated to filePro<br>
> itself. You may use filePro, but these aren't even filePro integration<br>
> problems/issues/questions, at this point. These are *nix subsystem and<br>
> functionality issues, full stop.<br>
> What you've been doing is the equivalent of someone coming in here and<br>
> asking how to configure IIS on Windows. It makes about as much sense, and<br>
> it's really not the venue.<br>
> If this is for a hobby, figure it out. If this is for business, it should<br>
> be paid work for someone, past a certain point. You've really been pushing<br>
> it lately.<br>
> And for the record, stock sftp on CentOS 7 works just fine. I've got it<br>
> working on many boxes, and there are no issues as long as permissions and<br>
> groups are correct.<br>
> /home/ should be root:root 0755.<br>
> /home/frontier/ should be root:root 0755.<br>
> Under there, you should have subdirectories for file storage and<br>
> retrieval.<br>
> Assume a common idiom of inbound and outbound:<br>
> /home/frontier/inbound/ frontier:users 0755<br>
> /home/frontier/outbound/ frontier:users 0755<br>
> You need those subdirectories, because frontier will not be able to write<br>
> directly to a directory owned by root with 0755, which is mandatory.<br>
> You do -not- actually need the sftponly group on the subdirectories. That<br>
> group serves only as a trigger for sftp jailing.<br>
> The user -must- have sftponly as their primary group.<br>
> This is the sshd_config section which works for me:<br>
> Match group sftponly<br>
> &nbsp;&nbsp;&nbsp;&nbsp;X11Forwarding no<br>
> &nbsp;&nbsp;&nbsp;&nbsp;AllowTcpForwarding no<br>
> &nbsp;&nbsp;&nbsp;&nbsp;ForceCommand internal-sftp<br>
> &nbsp;&nbsp;&nbsp;&nbsp;ChrootDirectory %h<br>
> I wonder if you have /home/ set incorrectly. Aside from ChrootDirectory<br>
> expando differences, the rest of what you have looks correct.<br>
> I can, however, confirm that sftp works just fine on CentOS 7 with<br>
> openssh-7.4p1-16.el7.x86_64. I'm looking directly at a working one which<br>
> has been verified and is in production.<br>
> mark-><br>
> On Tue, Mar 26, 2019 at 07:13:33PM -0400, scooter6--- via<br>
> Filepro-list thus spoke:<br>
> > Is anyone aware of anything changing as to how to chroot sftp users on<br>
> > centos 7?<br>
> > I have everything setup identically on new server and keep getting<br>
> > fatal: bad ownership or modes for chroot directory component "/" [postauth]<br>
> ><br>
> > Every thing I know root has to own the directory in full path up until<br>
> > chroot directory<br>
> ><br>
> > The only way I can even get a sftpuser to connect is if I make them the owner<br>
> > of the /home directory<br>
> ><br>
> > Old server:  this is in /home<br>
> ><br>
> > drwxr-xr-x 3 root  root  4096 Oct 16 11:15 frontier<br>
> ><br>
> > Then, if you go to /home/frontier:<br>
> ><br>
> > drwxr-xr-x 3 frontier sftponly 4096 Mar 19 15:45 attachments<br>
> ><br>
> > sshd_config:<br>
> ><br>
> > Match Group sftponly<br>
> > &nbsp;&nbsp;&nbsp;&nbsp;ChrootDirectory /home/%u<br>
> > &nbsp;&nbsp;&nbsp;&nbsp;ForceCommand internal-sftp<br>
> > &nbsp;&nbsp;&nbsp;&nbsp;X11Forwarding no<br>
> > &nbsp;&nbsp;&nbsp;&nbsp;AllowTcpForwarding no<br>
> ><br>
> > New server:  this is in /home<br>
> ><br>
> > drwxr-xr-x  4 root  root   38 Mar 26 18:17 frontier<br>
> ><br>
> > Then, if you go to /home/frontier:<br>
> ><br>
> > drwxr-xr-x 2 frontier sftponly 6 Mar 26 19:05 attachments<br>
> ><br>
> > sshd_config has:<br>
> ><br>
> > Match Group sftponly<br>
> > &nbsp;&nbsp;&nbsp;&nbsp;ChrootDirectory /home/%u<br>
> > &nbsp;&nbsp;&nbsp;&nbsp;ForceCommand internal-sftp<br>
> > &nbsp;&nbsp;&nbsp;&nbsp;X11Forwarding no<br>
> > &nbsp;&nbsp;&nbsp;&nbsp;AllowTcpForwarding no<br>
> ><br>
> > Only thing different on servers are the UID/GIDs<br>
> ><br>
> > Old server for frontier:<br>
> ><br>
> > id frontier<br>
> ><br>
> > uid=1014(frontier) gid=502(sftponly) groups=502(sftponly)<br>
> ><br>
> > New server:<br>
> ><br>
> > id frontier<br>
> ><br>
> > uid=2043(frontier) gid=1503(sftponly) groups=1503(sftponly)<br>
> ><br>
> > Old server, /etc/passwd<br>
> > &nbsp;&nbsp;frontier:x:1014:502::/attachments:/bin/false<br>
> ><br>
> > New server, /etc/passwd<br>
> > &nbsp;&nbsp;frontier:x:2043:1503::/attachments:/bin/false<br>
> ><br>
> > I even tried creating a new group, new user, etc - it's typically straight<br>
> > forward, but I can't get any combination to work that others swear works<br>
> > for them. This isn't normally difficult but I've been working on this for<br>
> > 4 hours and can't get the right combination to seem to work<br>
> ><br>
> > Has anyone successfully gotten this to work on centos 7?<br>
> ><br>
> > thanks<br>
> > -------------- next part --------------<br>
> > An HTML attachment was scrubbed...<br>
> > URL:<br>
> <[2]<a href="http://mailman.celestial.com/pipermail/filepro-list/attachments/" target="_blank" rel="noreferrer">http://mailman.celestial.com/pipermail/filepro-list/attachments/</a><br>
> 20190326/6ae6eec6/attachment.html><br>
> > _______________________________________________<br>
> > Filepro-list mailing list<br>
> > [3]<a href="mailto:Filepro-list@lists.celestial.com" target="_blank">Filepro-list@lists.celestial.com</a><br>
> > Subscribe/Unsubscribe/Subscription Changes<br>
> > [4]<a href="http://mailman.celestial.com/mailman/listinfo/filepro-list" target="_blank" rel="noreferrer">http://mailman.celestial.com/mailman/listinfo/filepro-list</a><br>
> ><br>
> --<br>
> Audio panton, cogito singularis.<br>
> _______________________________________________<br>
> Filepro-list mailing list<br>
> [5]<a href="mailto:Filepro-list@lists.celestial.com" target="_blank">Filepro-list@lists.celestial.com</a><br>
> Subscribe/Unsubscribe/Subscription Changes<br>
> [6]<a href="http://mailman.celestial.com/mailman/listinfo/filepro-list" target="_blank" rel="noreferrer">http://mailman.celestial.com/mailman/listinfo/filepro-list</a><br>
> <br>
> References<br>
> <br>
> 1. mailto:<a href="mailto:filepro-list@lists.celestial.com" target="_blank">filepro-list@lists.celestial.com</a><br>
> 2. <a href="http://mailman.celestial.com/pipermail/filepro-list/attachments/20190326/6ae6eec6/attachment.html" target="_blank" rel="noreferrer">http://mailman.celestial.com/pipermail/filepro-list/attachments/20190326/6ae6eec6/attachment.html</a><br>
> 3. mailto:<a href="mailto:Filepro-list@lists.celestial.com" target="_blank">Filepro-list@lists.celestial.com</a><br>
> 4. <a href="http://mailman.celestial.com/mailman/listinfo/filepro-list" target="_blank" rel="noreferrer">http://mailman.celestial.com/mailman/listinfo/filepro-list</a><br>
> 5. mailto:<a href="mailto:Filepro-list@lists.celestial.com" target="_blank">Filepro-list@lists.celestial.com</a><br>
> 6. <a href="http://mailman.celestial.com/mailman/listinfo/filepro-list" target="_blank" rel="noreferrer">http://mailman.celestial.com/mailman/listinfo/filepro-list</a><br>
<br>
-- <br>
Fairlight Consulting<br>
<a href="http://www.fairlite.com" target="_blank" rel="noreferrer">http://www.fairlite.com</a><br>
<a href="mailto:fairlite@fairlite.com" target="_blank">fairlite@fairlite.com</a><br>
(502) 509-3840<br>
</blockquote></div>
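<div>The error quoted in this thread, "bad ownership or modes for chroot directory component", is sshd refusing a ChrootDirectory because some directory between / and the chroot is not owned by root or is writable by group or others. The script below is an added example, not part of any message in the thread: it walks that path and reports the component that fails. The function names component_ok and check_chroot_path are hypothetical, and GNU stat (as on CentOS) is assumed.</div>

```shell
#!/bin/sh
# Added example: pre-flight check for an sshd ChrootDirectory path.
# Usage: check_chroot_path /home/frontier

# component_ok UID MODE
# Succeeds if a directory with this owner uid and octal mode satisfies the
# sshd rule: owned by root (uid 0) and no group/other write bit (mode & 022).
component_ok() {
    [ "$1" -eq 0 ] && [ $(( 0$2 & 022 )) -eq 0 ]
}

# check_chroot_path DIR
# Walks from DIR up to "/" and checks every component, printing one line per
# component. Returns 0 only if all pass, 1 if any fails, 2 on a relative path.
check_chroot_path() {
    p=$1
    rc=0
    case $p in
        /*) ;;
        *) echo "must be an absolute path: $p"; return 2 ;;
    esac
    while :; do
        if [ ! -d "$p" ]; then
            echo "FAIL $p (not a directory)"
            rc=1
        else
            # -L follows symlinks, so the target directory is what gets judged
            set -- $(stat -L -c '%u %a' "$p")
            if component_ok "$1" "$2"; then
                echo "ok   $p uid=$1 mode=$2"
            else
                echo "FAIL $p uid=$1 mode=$2 (need uid=0, no g/o write)"
                rc=1
            fi
        fi
        [ "$p" = / ] && break
        p=$(dirname "$p")
    done
    return $rc
}
```

<div>A FAIL line for "/" itself corresponds to the component "/" named in the original error message.</div>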