Compare commits
merge into: 0k:master
pull from: StephanSainleger:ttrss
2 Commits
Author | SHA1 | Message | Date |
---|---|---|---|
StephanSainleger | 62a3948f5d | Merge pull request 'maj master' (#1) from 0k/0k-charms:master into master. Reviewed-on: https://git.myceliandre.fr/StephanSainleger/0k-charms/pulls/1 | 3 years ago |
Valentin Lab | 7981ed7dec | new: add doc to ``sftp`` charm. Signed-off-by: Valentin Lab <valentin.lab@kalysto.org> | 3 years ago |
1 changed file with 75 additions and 0 deletions
@ -0,0 +1,75 @@ |
|||
* Presentation |
|||
|
|||
This charm allows you to host a SFTP (using ssh) with it's own user |
|||
database. They can be authenticated with a password or with a SSH key. |
|||
|
|||
You can choose exactly what data will be accessible to them by mount |
|||
binding each directory you want to share from the host in their own |
|||
home directory in the container. (see the examples). |
|||
|
|||
The permissions should be managed through group permissions, directly |
|||
from the host and in the shared directory. |
|||
|
|||
Each user in the container will be part of multiple groups |
|||
(configurable via the options of the charm in your service definition |
|||
of the =compose.yml=), and the GID of the groups will be the same on |
|||
the host and on the container. |
|||
|
|||
* Example configuration |
|||
|
|||
#+begin_src yaml |
|||
sftp: |
|||
docker-compose: |
|||
ports: |
|||
- "10622:22" |
|||
volumes: |
|||
## Here we allow access to specific directories only by binding |
|||
## them in their home directory: |
|||
- /srv/datastore/data/www/var/www/www.myclientwebsite.com:/home/myclient1/www.myclientwebsite.com:rw |
|||
- /srv/datastore/data/www/var/www/www.myclientwebsite.com:/home/myclient2/www.myclientwebsite.com:rw |
|||
options: |
|||
users: |
|||
myclient1: |
|||
## These groups are created on the container with the given GID |
|||
## Note that UID/GID are the same for the container and the host, |
|||
## So don't forget to give the appropriate rights from the host on |
|||
## the shared directory to ensure that access is effectively granted |
|||
## as you want to the customer |
|||
groups: |
|||
- sftpaccess-rw:3000 |
|||
password: FaKePaSSw0rdT0Ch4Ng3 |
|||
keys: |
|||
- "ssh-rsa AAAAB3NzaC2yc2Z..." |
|||
myclient2: |
|||
## These groups are created on the container with the given GID |
|||
## Note that UID/GID are the same for the container and the host, |
|||
## So don't forget to give the appropriate rights from the host on |
|||
## the shared directory to ensure that access is effectively granted |
|||
## as you want to the customer |
|||
groups: |
|||
- sftpaccess-rw:3000 |
|||
password: FaKePaSSw0rdT0Ch4Ng3 |
|||
keys: |
|||
- "ssh-rsa AAAAB3NzBC1yc2X..." |
|||
#+end_src |
|||
|
|||
|
|||
In this case, you'll need also to make sure to set up correctly the |
|||
directories you shared, in this example, only |
|||
=/srv/datastore/data/www/var/www/www.myclientwebsite.com= is shared : |
|||
you are expected to set the permissions of the group identified by the |
|||
id `3000`. |
|||
|
|||
Using getfacl/setfacl is the right tool most of the time. If you don't |
|||
have it: |
|||
|
|||
#+begin_src sh |
|||
apt-get install acl |
|||
#+end_src |
|||
|
|||
Then, you could: |
|||
|
|||
#+begin_src sh |
|||
find /srv/datastore/data/www/var/www/www.myclientwebsite.com -type d \ |
|||
-exec getfacl -mR d:g:3000:rwx,d:g:3000:rwx |
|||
#+end_src |
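Review bot: the closing sh block (`find /srv/datastore/data/www/var/www/www.myclientwebsite.com -type d \` / `-exec getfacl -mR d:g:3000:rwx,d:g:3000:rwx`) cannot work as written: `getfacl` only reads ACLs and has no `-m` option, the `-exec` has no `{} \;` (or `{} +`) terminator, and the ACL spec lists the default entry `d:g:3000:rwx` twice, so even with `setfacl` nothing would grant group 3000 access to the directories that already exist, only to entries created inside them later. Suggest `find /srv/datastore/data/www/var/www/www.myclientwebsite.com -type d -exec setfacl -m g:3000:rwx,d:g:3000:rwx {} +`, followed by a `-type f` pass with `setfacl -m g:3000:rw`, since default ACLs never apply to files that are already present. The `password:` option sits in clear text in `compose.yml` beside the `keys:` entries; the doc should say how the charm stores that value (hashed or as-is) and that key authentication is the preferred option, as the example sets both for every user. Minor wording in the "Presentation" section: "it's own" should be "its own", "a SFTP" and "a SSH key" should be "an SFTP" and "an SSH key", "mount binding" reads better as "bind-mounting", and "is shared :" has a stray space before the colon.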