@paulofreitas
Created October 15, 2017 02:26
Chroot Jail 101

Instructions

Install SSH server

sudo apt-get install openssh-server

Create SFTP group

groupadd sftp

Change SSH server config

Open /etc/ssh/sshd_config:

nano /etc/ssh/sshd_config

Change Subsystem to internal-sftp:

Subsystem sftp internal-sftp

Append to the end of file:

Match Group sftp
    ChrootDirectory /home/%u
    ForceCommand internal-sftp

Restart the SSH server:

service sshd restart

User setup

Create a new user:

  • With SSH access:

    useradd -g sftp -G www-data -d /home/<username> -m <username>
    
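  • Without SSH access:

    useradd -g sftp -G www-data -d /home/<username> -s /sbin/nologin -m <username>

Note that the Match Group sftp block above applies ForceCommand internal-sftp to both kinds of user, so over SSH either account gets an SFTP session only; the shell setting matters for other login paths such as the console.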

Create user password:

passwd <username>
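
sshd refuses the session unless every component of the ChrootDirectory path is a root-owned directory with no group or other write bit, and useradd -m leaves /home/<username> owned by the new user. The script below is an added example, not part of the original gist, that checks a path against that rule; the function names and the optional owner-UID argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the gist): pre-flight check for ChrootDirectory.
# sshd_config(5): every component of the path must be a directory owned by
# root and not writable by group or others. Uses `stat -c` (GNU coreutils).

# dir_ok DIR [OWNER_UID]: return 0 if DIR passes, 1 with a reason if not.
# OWNER_UID defaults to 0; it is an assumption of this example, present only
# so the check can be exercised without root.
dir_ok() {
    d=$1; owner=${2:-0}
    if [ ! -d "$d" ]; then
        echo "FAIL $d: not a directory"; return 1
    fi
    d_uid=$(stat -L -c %u "$d")
    d_mode=$(stat -L -c %a "$d")
    if [ "$d_uid" != "$owner" ]; then
        echo "FAIL $d: owned by uid $d_uid, expected $owner"; return 1
    fi
    # Any group/other write bit (mask 022) is rejected.
    if [ $(( 0$d_mode & 022 )) -ne 0 ]; then
        echo "FAIL $d: mode $d_mode is group- or world-writable"; return 1
    fi
    return 0
}

# chroot_path_ok PATH [OWNER_UID]: apply dir_ok to / and every component.
chroot_path_ok() {
    p=$1; p_owner=${2:-0}; rc=0
    case $p in
        /*) ;;
        *) echo "FAIL $p: chroot path must be absolute"; return 1 ;;
    esac
    dir_ok / "$p_owner" || rc=1
    rest=${p#/}; cur=
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        case $rest in */*) rest=${rest#*/} ;; *) rest= ;; esac
        [ -n "$part" ] || continue
        cur=$cur/$part
        dir_ok "$cur" "$p_owner" || rc=1
    done
    return $rc
}

# Usage: sh check_chroot.sh /home/<username>
if [ "$#" -gt 0 ]; then chroot_path_ok "$1"; fi
```

If the home directory is reported, `chown root:root /home/<username>` and `chmod 755 /home/<username>` satisfy the rule; the user then writes only inside subdirectories such as /home/<username>/<domainname>.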

Virtual Host setup

Create virtual host directory:

mkdir /home/<username>/<domainname>

Change virtual host directory permissions:

chown <username> /home/<username>/<domainname>
chmod 0775 /home/<username>/<domainname>

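Want to link the virtual host directory with /var/www/<domainname>? Use a bind mount rather than a symbolic link, since symlinks do not resolve across the chroot boundary (both directories must already exist):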

echo "/var/www/<domainname> /home/<username>/<domainname> none bind 0 0" >> /etc/fstab && mount -a