0

I am new to Docker. I'm trying to get the atmoz/sftp container to work with Azure Storage.

My goal is to have multiple SFTP users who will upload files to their own folders which I can then find on Azure Storage.

I used the following command:

az container create \
--resource-group test \
--name testsftpcontainer \
--image atmoz/sftp \
--dns-name-label testsftpcontainer \
--ports 22 \
--location "East US" \
--environment-variables SFTP_USERS="ftpuser1:yyyy:::incoming ftpuser2:xxx:::incoming" \
--azure-file-volume-share-name test-sftp-file-share \
--azure-file-volume-account-name storagetest \
--azure-file-volume-account-key "zzzzzz" \
--azure-file-volume-mount-path /home

The container is created and runs, but when I unsuccessfully try to connect via FileZilla I get this in the log:

Accepted password for ftpuser2 from 10.240.xxx.xxx port 64982 ssh2 
bad ownership or modes for chroot directory component "/home/"

If I use /home/ftpuser1/incoming it works for one of the users.

Do I need to change permissions on the /home directory first? If so, how?

Vilém Procházka

2 Answers

1

Of course, you can mount the Azure File Share to the container directory /home. And it works perfectly on my side:

[screenshot] [screenshot]

I also made a test with the image atmoz/sftp, and it also works fine. The command is here:

az container create -g myResourceGroup \
-n azuresftp \
--image atmoz/sftp \
--ports 22 \
--ip-address Public \
-l eastus \
--environment-variables SFTP_USERS="ftpuser1:yyyy:::incoming ftpuser2:xxx:::incoming" \
--azure-file-volume-share-name fileshare \
--azure-file-volume-mount-path /home \
--azure-file-volume-account-name xxxxxx \
--azure-file-volume-account-key xxxxxx

Here is the screenshot:

[screenshot]

Update:

With these requirements, the error shows bad ownership, and right now it's impossible to control the permissions when you mount the Azure file share to the path /home or /home/user. So I recommend you mount the Azure file share to the path /home/user/upload of every user, and it will give the same result you need.

Charles Xu
  • Thanks for testing this. I was a bit unclear in my question though. The container gets created and started. The error occurs when I connect to the SFTP via FileZilla. – Vilém Procházka Mar 20 '20 at 12:21
  • 1
    @VilémProcházka For your issue, it's now impossible to mount the Azure file share to the path /home or /home/user to make the SFTP available. But you can mount the file share to a directory under every user's home path, for example, the path /home/user/upload. It's the same result as mounting the file share to the path /home/user. – Charles Xu Apr 02 '20 at 08:18
  • Thanks, I was worried that's the case. For simplicity's sake, I used the solution found in my answer. Works for me but others might need to do what you suggest. – Vilém Procházka Apr 02 '20 at 09:06
  • @VilémProcházka I think my suggestion is more appropriate for SFTP with multiple users. And if you do not mind, please accept my answer and I will add the suggestion in the answer. – Charles Xu Apr 02 '20 at 09:08
  • Done, please modify your answer accordingly so there's no confusion. – Vilém Procházka Apr 02 '20 at 09:11
  • I'm trying something similar and am able to deploy with 2 users. Now I want these 2 users to connect with the same two folders visible to them, but user1 should have write permission to one folder and only read permission to the other folder, and the same goes for the other user. Is it possible to achieve this functionality? Right now I'm trying to edit the running container files and checking one by one. – sam Sep 02 '20 at 04:47
  • @sam Please ask another question and provide more details and what you have tried. – Charles Xu Sep 02 '20 at 06:25
  • @charles please find the link of new question https://stackoverflow.com/questions/63700505/how-to-create-multiple-users-with-multiple-folders-with-user-defined-permission – sam Sep 02 '20 at 07:16
  • @sam What is the link? Can you share with me? – Charles Xu Sep 02 '20 at 07:17
  • @Charles Find the link in previous comment. – sam Sep 02 '20 at 07:26
  • @sam Well, I will take a look. – Charles Xu Sep 02 '20 at 07:28
  • @CharlesXu Can you explain why it is impossible to create a /home/username/ folder and use it for SFTP? I have tried this in SFTP ACI ARM template: "mountPath": "[concat('/home/', parameters('sftpUser'), '/)]". Trying to connect with WINSCP gives me access denied when I have logged in. Is it not possible at all to create an SFTP with ACI where when I connect, then I am able to create several folders in the SFTP root directory? This only works if I create a folder like "/home/username/upload". Then I can create multiple sub folders under the upload folder on the SFTP. – Oliver Nilsen Sep 21 '20 at 13:49
  • @OliverNilsen The key reason is that you cannot change the permission of the mount point. – Charles Xu Sep 22 '20 at 02:34
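
The log line in the question comes from sshd's ChrootDirectory check: every component of the chroot path must be a directory owned by root and not writable by group or others. The script below is an added example, not code from either answer; it replays that check one component at a time so the rejected directory can be identified from inside the container. The function names and the optional UID argument are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the post). Replays sshd's ChrootDirectory rule:
# every path component must be a directory, owned by root, and not
# group- or world-writable. Uses GNU stat (-c), as in Debian-based images.

# check_component DIR [UID]: test one directory. UID defaults to 0 (what sshd
# requires); the override is an assumption added so the check runs without root.
check_component() {
    dir=$1
    want_uid=${2:-0}
    if [ ! -d "$dir" ]; then
        echo "FAIL $dir: not a directory"; return 1
    fi
    uid=$(stat -c %u "$dir")     # numeric owner
    mode=$(stat -c %a "$dir")    # octal permission bits, e.g. 755
    if [ "$uid" -ne "$want_uid" ]; then
        echo "FAIL $dir: owner uid $uid, expected $want_uid"; return 1
    fi
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL $dir: mode $mode is group- or world-writable"; return 1
    fi
    echo "ok   $dir (uid $uid, mode $mode)"
}

# check_chroot_path /abs/path [UID]: walk "/", "/home", "/home/user", ...
# and stop at the first component sshd would reject.
check_chroot_path() {
    case $1 in
        /*) ;;
        *) echo "FAIL $1: not an absolute path"; return 2 ;;
    esac
    walk_uid=${2:-0}
    current=/
    rest=${1#/}
    while :; do
        check_component "$current" "$walk_uid" || return 1
        [ -n "$rest" ] || break
        part=${rest%%/*}
        case $rest in
            */*) rest=${rest#*/} ;;
            *)   rest= ;;
        esac
        if [ -n "$part" ]; then current=${current%/}/$part; fi
    done
}
```

After sourcing the script in a shell inside the container, `check_chroot_path /home/ftpuser1` prints each component in order and stops at the first one that fails the rule.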
0

I could not find a solution to the problem. In the end I used another approach:

- I mounted the Azure storage into another unrelated folder /mount/sftpfiles
- After the container was built, I ran these commands:

apt update
apt-get -y install lsyncd
lsyncd -rsync /home /mnt/sftpfiles

They download a tool called lsyncd which watches for file system changes and copies files to another folder when a change occurs.

This solves my requirement but it has a side effect of duplicating all files (that's not a problem for me).

I'm still open to other suggestions that would help me make this cleaner.

Vilém Procházka