Gist aussielunix/859768, created March 8, 2011 02:51
chroot a sftp only user with openssh 5
Add the following to `sshd_config`:

    Subsystem sftp internal-sftp
    Match User foo
        ChrootDirectory /home/foo
        AllowTCPForwarding no
        X11Forwarding no
        ForceCommand internal-sftp

Run the following shell commands:

    # sshd refuses the chroot unless the directory is owned by root
    chown root:root /home/foo
    # writable upload area owned by the user, below the chroot
    mkdir /home/foo/data
    chown foo:foo /home/foo/data

Now when the `foo` user connects over SFTP they will be chrooted to their $HOME but will only have permission to upload files to $HOME/data.
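A pre-flight check for the setup above, as an added example that is not part of the original gist: sshd_config(5) requires every component of the ChrootDirectory path to be a root-owned directory that is not writable by group or other, and this script walks from the chroot up to / to confirm that. The function names are hypothetical, and `stat -c` assumes a Linux host.

```shell
#!/bin/sh
# Added example, not from the gist. Function names are hypothetical.
# Assumes GNU or busybox stat (`stat -c`), i.e. a Linux host.

# One path component passes if it is owned by root (uid 0) and its
# octal mode has no group-write or other-write bit (mask 022).
chroot_component_ok() {
    [ "$1" -eq 0 ] && [ $(( 0$2 & 022 )) -eq 0 ]
}

# Walk from the chroot directory up to /, printing every component that
# breaks the rule. Returns 0 if all pass, 1 if any fail, 2 on a bad path.
check_chroot_path() {
    dir=$(cd "$1" 2>/dev/null && pwd -P) || { echo "not a directory: $1"; return 2; }
    rc=0
    while :; do
        owner=$(stat -c %u "$dir")
        mode=$(stat -c %a "$dir")
        if ! chroot_component_ok "$owner" "$mode"; then
            echo "FAIL $dir (uid=$owner mode=$mode)"
            rc=1
        fi
        [ "$dir" = "/" ] && break
        dir=$(dirname "$dir")
    done
    return "$rc"
}

# Usage: sh check_chroot.sh /home/foo
if [ "$#" -gt 0 ]; then
    check_chroot_path "$1"
fi
```

A FAIL line for `/home/foo` itself means the `chown root:root` step was skipped or the directory is group- or world-writable; `/home/foo/data` is below the chroot and is deliberately not checked.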
Oh, sorry, my bad. I actually missed the fact that you were chown'ing the $HOME to root:root! This takes care of the problem that I mentioned above.
Being inattentive doesn't pay off...
G'Day
From what I can tell, what I am doing isn't affected by the patch/exploit you mention.
I am setting the chroot to the home and setting the owner of that home to root (not the user logging in)
Then to give write perms to the user I create a user owned directory below chroot that they have to change into first to be able to write.
Cheers
Mick