Here is the situation. I have user access to a server and root access to the same server. I want to edit files for a user that I don't have password information for on the server. ssh'ing as root is disabled, so I typically ssh in as my user and then su to root. Then I cd to the user of interest's home directory and then su to the user of interest (provided the user of interest has shell access). If the user doesn't have shell access to the server I am forced to modify the files as root, which I loathe to do. So my first question is, how can I safely modify the user's files without being root if the user does not have shell access?
My second question involves transferring files to the user's account using a graphical SFTP program from my desktop. Since I don't have the user of interest's login information (and the user may not have shell access) I can't sftp directly into the user's account, nor can I sftp as root. So instead I use my graphical SFTP program to sftp into my user account's home directory on the server. Then I transfer the files via the SFTP program to my user account's home directory on the server, and then manually copy them as root from my user's home directory to the user of interest's home directory. Obviously this is inefficient and I long for a better solution. What is it?
Note: I realize that I can use the command line scp
program to transfer the files directly to the user of interests home directory, but I want to use a graphical SFTP program.
Set up an rsa/dsa key pair on your own machine (ssh-keygen -t rsa), then append the public key to the user in question's ~/.ssh/authorized_keys file. If ~/.ssh doesn't exist - create it with 700 permissions, owned by the user.
Then you should be able to log in as that user using just the keys (no passwords)
http://winscp.net/eng/docs/faq_su
su -c bash --login should give you a shell as that user regardless of their default (disabled) login shell. You can also put a line for yourself in their ~/.ssh/authorized_keys file, and that will allow you to login as them without using their password.
Upvoted unknown's WinSCP and Brent's SSH key solutions.
Just a note to say that you can use these two solutions together.
If you're unsure about generating the key, you can use PuTTyGen and WinSCP will be happy to use the format it generates.
su has a -s option to specify the shell to use if the user does not have shell access. For example:
If I understand your questions, the simplest answer is to ignore SSH issues and treat the problem as a permissions issue instead. When users want to share access to files, they are put into the same group, and the file's permissions are set so that group has access.