Snow Leopard \u306b\u6a19\u6e96\u3067\u4ed8\u3044\u3066\u3044\u308bOpenSSH\u3067ssh\u30b5\u30fc\u30d0\u904b\u7528\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n
\u305d\u3053\u3067\u3001\u7b2c\u4e09\u8005\u306bsftp\u3092\u63d0\u4f9b\u3059\u308b\u3053\u3068\u306b\u306a\u3063\u305f\u306e\u3067\u3059\u304c\u3001\u666e\u901a\u306b\u63d0\u4f9b\u3059\u308b\u3068\u4ed6\u306e\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u307e\u3067\u898b\u3048\u3066\u3057\u307e\u3044\u307e\u3059\u306d\u3002\u30d1\u30fc\u30df\u30c3\u30b7\u30e7\u30f3\u3067\u304c\u3061\u304c\u3061\u306b\u3059\u308b\u306e\u3082\u826f\u3044\u306e\u3067\u3059\u304c\u3001\u629c\u3051\u304c\u3042\u3063\u305f\u308a\u3059\u308b\u3068\u3053\u308c\u307e\u305f\u5927\u5909\u3067\u3059\u3002(^_^)<\/p>\n
\u305d\u3053\u3067\u3001\u7279\u5b9a\u306e\u30e6\u30fc\u30b6\u306b\u306f chroot \u3057\u3066\u3001\u5b8c\u5168\u306b\u96a0\u853d\u3057\u305fsftp\u74b0\u5883\u3092\u63d0\u4f9b\u3057\u3088\u3046\u3068\u3044\u3046\u7b97\u6bb5\u3067\u3059\u3002
\n\u6700\u8fd1\u306bOpenSSH\u306f\u6a19\u6e96\u3067\u7c21\u5358\u306bchroot\u306e\u8a2d\u5b9a\u304c\u51fa\u6765\u307e\u3059\u306e\u3067\u3053\u308c\u306f\u30e9\u30c3\u30ad\u30fc\u3002(\u3061\u3087\u3063\u3068\u524d\u307e\u3067\u5927\u5909\u3060\u3063\u305f\u3093\u3067\u3059\u3088\u3002\u3002;p)<\/p>\n
\u3067\u3082\u3001sftp\u3067chroot\u306a\u3093\u3066\u7686\u3055\u3093\u3084\u3063\u3066\u3044\u308b\u3053\u3068\u3067\u3059\u306d\u3002(^_^)
\n\u4eca\u56de\u306f\u3001Mac \u306e Leopard \u74b0\u5883\u3067\u30b3\u30de\u30f3\u30c9\u30e9\u30a4\u30f3\u3060\u3051\u3092\u3082\u3061\u3044\u3066\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u8a8d\u8a3c\u3067\u306f\u306a\u304f\u3066\u3001\u3061\u3083\u3093\u3068\u516c\u958b\u9375\u3092\u4f7f\u3046\u74b0\u5883\u69cb\u7bc9\u3092\u3084\u308a\u307e\u3059\u3002<\/p>\n
\u4f55\u3092\u8a00\u3044\u305f\u3044\u306e\u304b\u3068\u3044\u3046\u3068\u3001\u3001\u3001\u3001
\n\u516c\u958b\u9375\u3092\u4f7f\u3063\u3066\u3001\u306a\u304a\u304b\u3064\u3001chroot\u306b\u3066\u5b89\u5168\u306asftp\u74b0\u5883\u3092\u30e6\u30fc\u30b6\u306b\u63d0\u4f9b\u3059\u308b\u8a2d\u5b9a\u4f8b\u3067\u3059\u3002<\/p>\n
\u4f5c\u696d\u306f\u3001\u5927\u4f533\u3064\u3067\u3059\u3002<\/p>\n
1, \u30e6\u30fc\u30b6\u306e\u4f5c\u6210\u3068\u30db\u30fc\u30e0\u30c7\u30a3\u30ec\u30af\u30c8\u306e\u4f5c\u6210(\u9375\u7f6e\u304d\u5834)
\n2. chroot\u3057\u3066\u30e6\u30fc\u30b6\u306b\u63d0\u4f9b\u3059\u308bsftp\u74b0\u5883\u306e\u4f5c\u6210
\n3. sshd\u306e\u8a2d\u5b9a(sshd_config)<\/p>\n
\u3067\u306f\u3001\u3055\u3063\u305d\u304f\u3002\u3002\u3002<\/p>\n
1. \u30e6\u30fc\u30b6\u306e\u4f5c\u6210\u3068\u30db\u30fc\u30e0\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u306e\u4f5c\u6210(\u9375\u7f6e\u304d\u5834)<\/p>\n
Leopard \u3067\u306f\u3001\u30e6\u30fc\u30b6\u306e\u60c5\u5831\u306a\u3069\u306fDirectry Service\u3067\u884c\u3063\u3066\u304a\u308a\u307e\u3059\u3002\u306a\u306e\u3067\u3001dscl\u30b3\u30de\u30f3\u30c9\u3092\u4f7f\u3044\u307e\u3059\u3002dscl\u3063\u3066\u899a\u3048\u306b\u304f\u3044\u3067\u3059\u304c\u3001\u3053\u308c\u306fDirectory Service command line\u306e\u7565\u3067\u3059\u306d\u3002
\n\u666e\u6bb5\u306f \/Users \u306e\u76f4\u4e0b\u306b\u30db\u30fc\u30e0\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002\u4ed6\u306e\u306f\u66f8\u3067\u3082\u826f\u3044\u306e\u3067\u3059\u304c\u3001\u3068\u308a\u3042\u3048\u305a\u3001sftpuser \u3068\u3044\u3046\u540d\u524d\u3067\u4f5c\u6210\u3057\u307e\u3057\u3087\u3046\u3002<\/p>\n
\u307e\u305a\u306f\u3001\u5229\u7528\u3055\u308c\u3066\u3044\u306a\u3044UID(UniqueID)\u3068GID(PrimaryGroupID)\u3092\u5f97\u307e\u3059\u3002<\/p>\n
$ dscl . -list \/Users UniqueID
\n$ dscl . -list \/Groups PrimaryGroupID<\/p>\n
\u65e2\u306b\u767b\u9332\u3055\u308c\u3066\u3044\u308bUID\u3084GID\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002\u307e\u3060\u3001\u767b\u9332\u3055\u308c\u3066\u3044\u306a\u3044\u6570\u5b57\u3092\u9078\u3073\u307e\u3059\u3002\u4eca\u56de\u306f\u3081\u3093\u3069\u304f\u3055\u3044\u306e\u3067\u4e21\u65b9\u3068\u3082600\u306b\u3057\u307e\u3059\u3002<\/p>\n
\u3055\u3042\u3001\u4f5c\u6210\u3057\u307e\u3059\u3002sudo\u30b3\u30de\u30f3\u30c9\u306b\u3066\u5b9f\u884c\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n
$ sudo dscl . -create \/Groups\/sftpuser PrimaryGroupID 600
\n$ sudo dscl . -create \/Users\/sftpuser UniqueID 600
\n$ sudo dscl . -create \/Users\/sftpuser RealName Sftpuser
\n$ sudo dscl . -create \/Users\/sftpuser PrimaryGroupID 600
\n$ sudo dscl . -create \/Users\/sftpuser NFSHomeDirectory \/Users\/sftpuser
\n$ sudo dscl . -create \/Users\/sftpuser Password “*”
\n$ sudo \/usr\/sbin\/createhomedir -b -u sftpuser<\/p>\n
\u3053\u308c\u3067\u3001\u30ed\u30b0\u30a4\u30f3\u3059\u308b\u305f\u3081\u306e\u30e6\u30fc\u30b6\u304c\u4f5c\u6210\u3055\u308c\u307e\u3057\u305f\u3002<\/p>\n
2. chroot\u3057\u3066\u30e6\u30fc\u30b6\u306b\u63d0\u4f9b\u3059\u308bsftp\u74b0\u5883\u306e\u4f5c\u6210<\/p>\n
\u30e6\u30fc\u30b6\u304b\u3089\u4f55\u3092\u3055\u308c\u3066\u826f\u3044\u74b0\u5883\u3001\u304a\u3063\u3068\u3001\u30e6\u30fc\u30b6\u304c\u3044\u308d\u3044\u308d\u30d5\u30a1\u30a4\u30eb\u3092\u7f6e\u304f\u305f\u3081\u306e\u74b0\u5883\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002
\n\u4eca\u56de\u306f\u3001\/Users\/sftpwork \u3092\u5272\u308a\u5f53\u3066\u307e\u3057\u3087\u3046\u3002<\/p>\n
\u307e\u3059\u306f\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002\u305f\u3060\u3057\u3001\u30b3\u30b3\u304c\u91cd\u8981\u3002\u30aa\u30fc\u30ca\u306froot\u3067\u3059\u3001\u307e\u305f\u30d1\u30fc\u30df\u30c3\u30b7\u30e7\u30f3\u3082root\u3055\u3093\u4ee5\u5916\u306f\u66f8\u304d\u8fbc\u307f\u3067\u304d\u306a\u3044\u30d1\u30df\u30c3\u30b7\u30e7\u30f3<\/b>\u306b\u3057\u307e\u3059\u3002<\/p>\n
$ sudo mkdir \/Users\/sftpwork
\n$ sudo chown root:admin \/Users\/sftpwork
\n$ sudo chmod 755 \/Users\/sftpwork<\/p>\n
\/Users\/sftpwork\u76f4\u4e0b\u306fsftpuser\u3055\u3093\u304c\u66f8\u304d\u8fbc\u307f\u3067\u304d\u306a\u3044<\/b>\u306e\u3067\u3001sftpuser\u3055\u3093\u306e\u30aa\u30fc\u30ca\u306e\u30b5\u30d6\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u3092\u4f5c\u3063\u3066\u3042\u3052\u307e\u3059\u3002
\n\u305f\u3068\u3048\u3070\u3001web\u30da\u30fc\u30b8\u306e\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8\u30eb\u30fc\u30c8\u306b\u6307\u5b9a\u3057\u3066\u3042\u3052\u308b\u306a\u3089 \/Users\/sftpuser\/docroot \u3068\u304b\u3001\u30ed\u30b0\u30d5\u30a1\u30a4\u30eb\u3092\u63d0\u4f9b\u3057\u3066\u3042\u3052\u308b\u306a\u3089\u3001\/Users\/sftpuser\/logs \u3068\u304b\u3002\u307e\u3001\u3044\u308d\u3044\u308d\u8003\u3048\u3089\u308c\u307e\u3059\u306d\u3002<\/p>\n
3. sshd\u306e\u8a2d\u5b9a(sshd_config)<\/p>\n
\u6700\u5f8c\u306b\u3001ssh\u306e\u8a2d\u5b9a\u3067\u3059\u3002
\nLeopard\u306b\u306f\u3001ssh(sftp)\u306bOpenSSH\u304c\u3042\u3089\u304b\u3058\u3081\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u3053\u3053\u3067\u306f\u3001sftpuser\u3055\u3093\u306b\u5b89\u5168\u306bsftp\u3092\u63d0\u4f9b\u3059\u308b\u3068\u3053\u308d\u3060\u3051\u8aac\u660e\u3057\u307e\u3059\u3002\u3054\u5b58\u3058\u306e\u3088\u3046\u306b\u3001\/etc\/sshd_config \u30d5\u30a1\u30a4\u30eb\u3092\u7de8\u96c6\u3057\u307e\u3059\u3002\u30d1\u30b9\u30ef\u30fc\u30c9\u3067\u8a8d\u8a3c\u3059\u308b\u306e\u306f\u5fc3\u8a31\u306a\u3044\u306e\u3067\u516c\u958b\u9375\u3067\u306e\u307f\u306e\u8a8d\u5bb9\u306b\u3057\u307e\u3059\u3002<\/p>\n
sshd_config \u30d5\u30a1\u30a4\u30eb\u306e\u6700\u5f8c\u306b\u3001<\/p>\n
Match User sftpuser
\nChrootDirectory \/Users\/sftpwork\/
\nX11Forwarding no
\nAllowTcpForwarding no
\nForceCommand internal-sftp<\/p>\n
\u305d\u308c\u304b\u3089\u3001Subsystem \u306e\u8a18\u8f09\u306e\u6240\u3092\u63a2\u3057\u3066<\/p>\n
#Subsystem sftp \/usr\/libexec\/sftp-server
\nSubsystem sftp internal-sftp<\/p>\n
\u3068\u3044\u3046\u3088\u3046\u306b\u3001\u5916\u90e8\u30b3\u30de\u30f3\u30c9\u306e\/usr\/libexec\/sftp-server\u3092\u4f7f\u7528\u3057\u306a\u3044\u3088\u3046\u306b\u30b3\u30e1\u30f3\u30c8\u30a2\u30a6\u30c8\u3057\u3066\u3001sshd\u7d44\u8fbc\u306esftp\u30b5\u30fc\u30d0\u3092\u5229\u7528\u3059\u308b\u65e2\u8ff0\u3092\u8ffd\u52a0\u3057\u307e\u3059\u3002\u3082\u3061\u308d\u3093\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u8a8d\u8a3c\u3057\u306a\u3044\u306e\u3067\u3001<\/p>\n
PasswordAuthentication no<\/p>\n
\u306f\u3001\u3069\u3053\u304b\u306b\u8a18\u8f09\u3057\u3066\u304a\u3044\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n
\u3055\u3066\u3001\u6700\u5f8c\u306b\u516c\u958b\u9375\u3092\u8a2d\u7f6e\u3057\u307e\u3059\u3002<\/p>\n
\u516c\u958b\u9375\u306f\u3001\u3082\u3061\u308d\u3093\u30e6\u30fc\u30b6\u3055\u3093\u304c\u4f5c\u6210\u3057\u307e\u3059\u3002\u4f5c\u308a\u65b9\u306f\u3001\u7701\u7565\u3057\u307e\u3059\u304cssh_keygen\u30b3\u30de\u30f3\u30c9\u4f5c\u6210\u3067\u304d\u307e\u3059\u3002
\n\u516c\u958b\u9375\u306f\u3001\/Users\/sftpuser\/.ssh\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u306bauthorized_keys\u3068\u3044\u3046\u30d5\u30a1\u30a4\u30eb\u3067\u4fdd\u5b58\u3057\u307e\u3059\u3002\u305d\u306e\u6642\u3001\u3082\u3061\u308d\u3093\u30d5\u30a1\u30a4\u30eb\u306e\u30aa\u30fc\u30ca\u306fsftpuser\u3055\u3093\u3067\u3059\u304c\u3001.ssh\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u306e\u30d1\u30df\u30c3\u30b7\u30e7\u30f3\u306f700\u3001authorized_keys\u30d5\u30a1\u30a4\u30eb\u306e\u30d1\u30df\u30c3\u30b7\u30e7\u30f3\u306f600\u3067\u7121\u3051\u308c\u3070\u306a\u308a\u307e\u305b\u3093\u3002\u3064\u307e\u308a\u3001drwx——\u3001-rw——- \u3068\u306a\u308a\u307e\u3059\u3002<\/p>\n
\u3053\u308c\u3067\u3001\u5b89\u5168\u306bsftp\u74b0\u5883\u3092\u63d0\u4f9b\u3067\u304d\u308b\u3088\u3046\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n
\u3057\u304b\u3057\u3001\u3001\u3001\u79c1\u306e\u74b0\u5883\u3067\u306f\u3053\u308c\u3067\u306f\u30a2\u30af\u30bb\u30b9\u3067\u304d\u307e\u305b\u3093\u3067\u3057\u305f\u3002(^_^;
\n\u5b9f\u306f\u3001\u6b21\u306e\u3088\u3046\u306a\u30a8\u30e9\u30fc\u30e1\u30c3\u30bb\u30fc\u30b8\u304c\u30b5\u30fc\u30d0\u306e\u30ed\u30b0\u306b\u51fa\u3066\u307e\u3057\u305f\u3002<\/p>\n
fatal: bad ownership or modes for chroot directory component “\/”<\/p>\n
\u306a\u306b\u306a\u306b? \/\u30eb\u30fc\u30c8\u306e\u30aa\u30fc\u30ca\u304c\u30e2\u30fc\u30c9\u304c\u5909\u3060\u3068? \u305f\u3076\u3093\u306b\u3001\u30d1\u30df\u30c3\u30b7\u30e7\u30f3\u304c\u5909\u306a\u306e\u3067\u3057\u3087\u3046\u3002
\n“ls -al \/” \u3067\u8abf\u3079\u308b\u3068 \u78ba\u304b\u306b”\/”(\u3053\u3053\u3067\u306f”.”\u3067\u3059\u306d) \u306b\u30d1\u30fc\u30df\u30c3\u30b7\u30e7\u30f3\u306egroup\u3068other\u306bw(\u66f8\u304d\u8fbc\u307f)\u6a29\u9650\u304c\u4ed8\u3044\u3066\u307e\u3059\u3002<\/p>\n
sudo chmod go-w \/<\/p>\n
\u3053\u308c\u3067\u3001\/\u306b\u306froot\u3055\u3093\u4ee5\u5916\u3001\u66f8\u304d\u8fbc\u307f\u3067\u304d\u306a\u304f\u306a\u308a\u307e\u3057\u305f\u3002
\n\u7d50\u69cb\u3001\u3053\u308c\u306b\u6c17\u304c\u4ed8\u304f\u306e\u306b\u624b\u9593\u53d6\u3063\u3066\u3057\u307e\u3063\u305f\u3093\u3067\u3059\u3088\u3002\u540c\u3058\u3001\u4e8b\u8c61\u306e\u4eba\u306e\u52a9\u3051\u306b\u306a\u308c\u3070\u5e78\u3044\u3067\u3059\u3002\u3067\u3082\u3001sftp\u74b0\u5883\u3092\u4ed6\u306e\u4eba\u306b\u63d0\u4f9b\u3057\u3066\u3044\u308b\u4eba\u306a\u3093\u3066\u305d\u3093\u306a\u306b\u5c45\u306a\u3044\u304b\u3002\u3002\u3002\u305d\u308c\u3082\u3001Mac\u3067(^_^;<\/p>\n","protected":false},"excerpt":{"rendered":"
Snow Leopard \u306b\u6a19\u6e96\u3067\u4ed8\u3044\u3066\u3044\u308bOpenSSH\u3067ssh\u30b5\u30fc\u30d0\u904b\u7528\u3057\u3066\u3044\u307e\u3059\u3002 \u305d\u3053\u3067\u3001\u7b2c\u4e09\u8005\u306bsftp\u3092\u63d0\u4f9b\u3059\u308b\u3053\u3068\u306b\u306a\u3063\u305f\u306e\u3067\u3059\u304c\u3001\u666e\u901a\u306b\u63d0\u4f9b\u3059\u308b\u3068\u4ed6\u306e\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u307e\u3067\u898b\u3048\u3066\u3057\u307e\u3044\u307e\u3059\u306d\u3002\u30d1\u30fc\u30df\u30c3\u30b7\u30e7\u30f3\u3067\u304c […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[137,9,138],"_links":{"self":[{"href":"https:\/\/blog.kochikuya.net\/ooyama\/index.php?rest_route=\/wp\/v2\/posts\/2105"}],"collection":[{"href":"https:\/\/blog.kochikuya.net\/ooyama\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.kochikuya.net\/ooyama\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.kochikuya.net\/ooyama\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.kochikuya.net\/ooyama\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2105"}],"version-history":[{"count":1,"href":"https:\/\/blog.kochikuya.net\/ooyama\/index.php?rest_route=\/wp\/v2\/posts\/2105\/revisions"}],"predecessor-version":[{"id":2145,"href":"https:\/\/blog.kochikuya.net\/ooyama\/index.php?rest_route=\/wp\/v2\/posts\/2105\/revisions\/2145"}],"wp:attachment":[{"href":"https:\/\/blog.kochikuya.net\/ooyama\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2105"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.kochikuya.net\/ooyama\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2105"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.kochikuya.net\/ooyama\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2105"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}