SFTP access to everything

out of curiosity I tried an SFTP connection via filezilla from the windows client. Using the user configured, It worked and allowed me to browse all the directories. I mean ALL the directories and download / upload to anywhere on server.

This concerned me more than a little

What user?

Can you provide some examples? I’d like to reproduce this behavior!

Okay clean install again, I made a transcript of all my actions. I still cannot connect to a simple share. BUT using filezilla sftp the a created user can access everything.

Linux is not my strength so do tell me if I’ve done something really stupid!

Here is what I did:

Installed CentOS 7
yum update
yum localinstall -y http://mirror.nethserver.org/nethserver/nethserver-release-7.rpm
nethserver-install (IP addess was empty https://:980)
yum group install "GNOME Desktop"
login to web interface
configured NIC2 as internal green static IP
re-configured NIC1 as internet red DHCP
DHCP module enable DHCP on NIC2
software center - add domain control: samba
domain control - enter IP and clicked bridged - start DC
prompted to enable admin account - gave admin user password
created new group "mygroup"
created another user "ryan" and added to mygroup
software center - fileserver - add
shared folders - create new share "test" mygroup as owning group - read write permission
on a windows pc changed workgroup to "SERVER" - reboot
navigate to network - lacloue folder visible "test" - try to gain access - enter user "ryan@server.local" denied.

I then tried Filezilla sftp connection

I then proceeded to browser to and download a file:

Which as you can see was a success! and very concerning

On NethServer (CentOS) and also a lot of *nix systems a user can access a lot of directories, but sensible files cannot be read. I guess also Windows systems do the same…

For instance


Or other user’s home directory.


Only some dirs have write access.

In the past we discussed a chroot setup for SFTP. Please search this forum for it!

that makes sense, I will look into it.