Chroot directory: limit user to sftp folder

My current setup, which works. sshd_config file:

Subsystem sftp internal-sftp
Match group filetransfer
    ChrootDirectory %h
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp

Linux commands I ran:

addgroup --system filetransfer
usermod -G filetransfer username
chown root:root /home/username
chmod 755 /home/username
cd /home/username
mkdir docs public_html
chown username:filetransfer *

And the username is restricted to the /home/username folder and works perfectly. Now what I am trying to do is limit username to: /home/somefolder/public/domain.com/

When I use sudo usermod --home username /home/somefolder/public/domain.com/ it changes the default directory of username when logged in with sftp. However, it refuses to log in. I've also tried all the above steps while using /home/somefolder/public/domain.com/ without luck; it refuses to log in over sftp.

I have to give some support desk my sftp login and obviously I don't want to give them my root login details, and therefore want to limit them to the domain.com folder.

What am I doing wrong?

Thanks

2 Replies

It's probably a permissions issue: the chroot directory has to be owned by root, so chown root:root /home/somefolder/public/domain.com/ may fix it. Check /var/log/auth.log for errors (assuming you're using Debian/Ubuntu).

Yeah, good point. I had to root:root all the folders that were above that. Thanks!
