sFTP jail set-up & changing home directories

Hi,

so I was following this guide, which I found in this forum topic.

And I've come across an issue I can't fix.

Here's what I want to do:

  • I have a user with a home directory. Let's call the user "bossuser" and so his home directory is /home/bossuser.

  • Within that home directory there are three other directories.

  • Then I create three new users: "dummyuser1" "dummyuser2" and "dummy_user3".

  • These three users' home directories are supposed to be the three directories in the home directory of "boss_user".

  • When "dummyuser1" connects via sFTP I want him to be jailed into his home directory (which is within the home directory of "bossuser").

So what I did was:

adduser dummy_user1
usermod -d /home/boss_user/dir1 -m dummy_user1

Put this into the sshd_config:

Match user dummy_user1
    ChrootDirectory /home/boss_user/dir1
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp

And following that I executed:

chmod 755 /home/boss_user/dir1

Then I restarted SSH, with:

service ssh restart

What I get when trying to connect with my "dummy_user1" with FileZilla is:

Error:    Network error: Software caused connection abort
Error:    Could not connect to server

How do I fix this issue? I haven't been using Linux for too long, so I might have made some stupid mistakes. I just can't figure out what I'm doing wrong here.

Greetz,

  • Mercury

Edit: If I remove that part:

Match user dummy_user1
    ChrootDirectory /home/boss_user/dir1
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp

The user can connect, but (of course, as expected) is not jailed to his home directory.

5 Replies

It's probably a permissions thing, /home/boss_user/dir1 will need to be owned by root with group root. Check /var/log/auth.log for details from ssh.

I did that before. But on that note, I tried another thing:

Having root own "/home/boss_user" makes it work.

But will boss_user not owning his own home directory cause issues? Or can there be two owners?

Thanks so far!

Greetz,

  • Mercury

Having /home/bossuser owned by root will mean that bossuser can't write to their own home directory. You can only have one owner. You can however create subdirectories owned by boss_user which they can write to.

Ok, I understand that. What I want is that bossuser has write-privileges to "home/bossuser/dir1" and dummyuser1 does not, but is jailed into that folder. From what I understand this is not possible because root needs ownership to "/home/bossuser" and "/home/bossuser/dir1". As soon as I give any user other than root write-privileges to "/home/bossuser/dir1" sshd tells me to … and dummy_user1 can't connect anymore with that same error from before.

My solution is to create another directory owned by bossuser. Something like "/home/bossuser/dir1/dir1" which is not quite what I wanted but I guess it's good enough.

If you have any other suggestions I'd be more than happy to test them. Will keep checking this thread for a while.

Thanks a lot for your help!

Greetz,

  • Mercury

What you said is correct: root has to own the directory the user is chrooted into. They cannot write to that directory, but they can write to subdirectories.
