Chroot directory limit user to sftp folder

Question

Chroot directory limit user to sftp folder

development

My current setup which works: sshd_config file:

Subsystem sftp internal-sftp

Match group filetransfer2
    ChrootDirectory %h
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp

Linux commands I ran:

addgroup --system filetransfer
usermod -G filetransfer username
chown root:root /home/username
chmod 755 /home/username
cd /home/username
mkdir docs public_html
chown username:filetransfer *

And the username is restricted to /home/username folder and works perfectly. Now what i try to do is limit username to: /home/somefolder/public/domain.com/

When I use sudo usermod –home username /home/somefolder/public/domain.com/ it changes the default directory of username when logged in with sftp. Although it refuses to login. I've also tried all the above steps while using /home/somefolder/public/domain.com/ without luck, it refuses to login sftp.

I have to give some support desk my sftp login and obviously I don't want to give them my root login details and therefor want to limit them to the domain.com folder.

What am I doing wrong?

Thanks

2 Replies

forum:obs · Answer 1 · April 23, 2015, 4:21 a.m.

forum:obs 9 years, 6 months ago

It's probably a permissions issue, the chroot directory has to be owned by root so chown root:root /home/somefolder/public/domain.com/ may fix it, check /var/log/auth.log for errors (assuming you're using debian/ubuntu)

forum:robertstam · Answer 2 · April 23, 2015, 4:41 a.m.

forum:robertstam 9 years, 6 months ago

Yeh good point. I had to root:root all the folders that were above that. Thanks!

Compute

Storage

Networking

Databases

Services

Developer Tools

Industries

Pricing

Community

Engage With Us

Chroot directory limit user to sftp folder

2 Replies

Reply

Tips: