ohartl/create-jailed-sftp-user

## create-jailed-sftp-user
#!/bin/sh

# add group
groupadd sftp-fileshare

# add user
mkdir /home/sftp-fileshare-user1
chown root:root /home/sftp-fileshare-user1
chmod 0755 /home/sftp-fileshare-user1
useradd --home /home/sftp-fileshare-user1 --shell /bin/false sftp-fileshare-user1
usermod sftp-fileshare-user1 -g sftp-fileshare
passwd sftp-fileshare-user1

# mount a directory outside jail
sudo mount --bind /var/www/somedir /home/sftp-fileshare-user1/somedir/
# mount needs to be added to fstab, so its created again after restart
chown -R sftp-fileshare-user1:sftp-fileshare /home/sftp-fileshare-user1/somedir/

# clear profiles etc, no need for them
cd /home/sftp-fileshare-user1
rm .*

## fstab
...
/var/www/somedir /home/sftp-fileshare-user1/somedir/ none bind 0 0
...

## sshd_config
...

AllowUsers ... sftp-fileshare-user1

Subsystem sftp internal-sftp
Match Group sftp-fileshare
        ChrootDirectory %h
        X11Forwarding no
        AllowTcpForwarding no
        ForceCommand internal-sftp

...
	#!/bin/sh

	# add group
	groupadd sftp-fileshare

	# add user
	mkdir /home/sftp-fileshare-user1
	chown root:root /home/sftp-fileshare-user1
	chmod 0755 /home/sftp-fileshare-user1
	useradd --home /home/sftp-fileshare-user1 --shell /bin/false sftp-fileshare-user1
	usermod sftp-fileshare-user1 -g sftp-fileshare
	passwd sftp-fileshare-user1

	# mount a directory outside jail
	sudo mount --bind /var/www/somedir /home/sftp-fileshare-user1/somedir/
	# mount needs to be added to fstab, so its created again after restart
	chown -R sftp-fileshare-user1:sftp-fileshare /home/sftp-fileshare-user1/somedir/

	# clear profiles etc, no need for them
	cd /home/sftp-fileshare-user1
	rm .*
	...
	/var/www/somedir /home/sftp-fileshare-user1/somedir/ none bind 0 0
	...
	...

	AllowUsers ... sftp-fileshare-user1

	Subsystem sftp internal-sftp
	Match Group sftp-fileshare
	ChrootDirectory %h
	X11Forwarding no
	AllowTcpForwarding no
	ForceCommand internal-sftp

	...