Jail user to a folder

Hi, I tried to jail a user to a folder of my choice but I have a hard time with it. I use OpenSSH, and I know that from version 4.9 it has a ChrootDirectory feature. I succeeded in jailing the user to their home directory, but I want to jail them to a folder of my choice, for example /home/public_html/mysite

I added this to sshd_config:

Match group www-data1
ChrootDirectory /home/%u
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

Then:

sudo chown root:root /home/www-data1
sudo usermod -d / www-data1

It works fine, user www-data1 is jailed to his home folder, but how do I jail the user to /home/public_html/mysite?

Thank you.

7 Replies

I usually use scponly for that feature. The package has scponly and scponlyc as shells, with scponlyc being the chrooted sftp shell. The standard Debian/Ubuntu package even contains a script to add a user and build the chrooted home folder into a specified directory.

I use jailkit (http://olivier.sessink.nl/jailkit/) to create shell accounts for users. They can ssh/sftp/scp using public-key authentication. I give them bash, vim, tar, perl and other basic tools, and all of their Web files are in the jail with them. So they can do what they like with their site content, but can't touch anything on my linode.

You can jail them to any folder if you want.

Anyway, I find jailkit to be an excellent piece of software, and highly recommend it.

I second the scponly recommendation; works great for me.

Jailkit is also great if you wish to give your users a real shell. I usually don't want to do that :)

Hi, thanks for the replies. Can someone give me a short example of using jailkit/scponly to jail a user, for example in the folder /home/public_html/site?

I don't want to give any other "powers" to the user; I only want the user to be able to navigate in the jail folder and its subfolders.

I believe all that's involved is setting the user's shell from /bin/bash (or whatever) to /usr/sbin/scponlyc, and running the script to automatically configure the home directory with the necessary files and directories for minimal functionality (like /bin/ls, etc).

The scponly package is in Debian stable.

The Debian/Ubuntu package contains a shell script called setupchroot.sh in the /usr/share/doc/scponly/setupchroot folder. It creates the user, sets its shell and builds the chroot environment for scp/sftp only operation.

Before that you may have to run 'dpkg-reconfigure scponly' to set the suid bit of the scponlyc executable.
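For the ChrootDirectory route from the original question: sshd only accepts a chroot path such as /home/public_html/mysite when every directory from / down to it is owned by root and not writable by group or others. The script below is an added example, not part of the thread, that checks this before you point ChrootDirectory at a folder; the function names are made up here and it assumes GNU coreutils stat.

```shell
#!/bin/sh
# Added example: pre-flight check for an sshd ChrootDirectory target.
# Every directory from / down to the chroot must be owned by root and
# must not be writable by group or others, or sshd rejects the session.
# Assumes GNU coreutils stat (Debian/Ubuntu). Function names are hypothetical.

# component_ok UID MODE: succeed if one directory meets the rule.
component_ok() {
    [ "$1" -eq 0 ] || return 1               # must be owned by root (uid 0)
    [ $(( 0$2 & 022 )) -eq 0 ] || return 1   # no group/other write bits
    return 0
}

# check_chroot_path DIR: check DIR and each parent directory up to /.
# Returns 0 if all pass, 1 if any component fails, 2 on a relative path.
check_chroot_path() {
    ccp_dir=$1
    ccp_rc=0
    case $ccp_dir in
        /*) ;;
        *) echo "not an absolute path: $ccp_dir" >&2; return 2 ;;
    esac
    while :; do
        if [ ! -d "$ccp_dir" ]; then
            echo "FAIL $ccp_dir: not a directory" >&2
            ccp_rc=1
        else
            # -L: judge the directory a symlink points at, not the link.
            set -- $(stat -L -c '%u %a' "$ccp_dir")
            if ! component_ok "$1" "$2"; then
                echo "FAIL $ccp_dir: uid=$1 mode=$2" >&2
                ccp_rc=1
            fi
        fi
        [ "$ccp_dir" = / ] && break
        ccp_dir=$(dirname "$ccp_dir")
    done
    return $ccp_rc
}

# Usage: sh check_chroot.sh /home/public_html/mysite
if [ $# -gt 0 ]; then
    check_chroot_path "$1"
fi
```

Because the chroot directory itself cannot be writable by the jailed user, uploads need a user-owned subdirectory inside it.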
