Chroot SFTP? How to limit users only to their home folder and sub folder
Posted: Wed Aug 18, 2021 11:04 pm
by tienloc1
I'm not sure if it's a part of FTP or not.
I have been given SSH access (bash) for my user and I want to restrict the user's login to their own home folder/subfolders. They should not be allowed to cd to home or higher.
I tried to use this cmd:
chmod o-x /home/*
But it only works if they access it like normal FTP with FileZilla; if they try to use the Bitvise SSH tool, they can freely go to the home directory and higher.
I hope to receive some hints, thank you.
Re: Chroot SFTP? How to limit users only to their home folder and sub folder
Posted: Thu Aug 19, 2021 3:02 pm
by myVesta
Limiting user to SFTP (blocking SSH), allowing only homedir:
# Comment line:
Code:
Subsystem sftp /usr/lib/openssh/sftp-server
# so it will be:
Code:
# Subsystem sftp /usr/lib/openssh/sftp-server
At the end of the file add:
Code:
####
Subsystem sftp internal-sftp
Match Group sftp-only
    ChrootDirectory /chroot/%u
    AllowTCPForwarding no
    X11Forwarding no
    ForceCommand internal-sftp
####
# then in SSH run
Code:
service sshd restart
groupadd sftp-only
# then in SSH paste
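Code:
user=example_user # here enter user you want to chroot
home=/home/$user
# Guard on the chroot path (not on $home, which already exists for a real user),
# so the jail is built only when it has not been created yet.
if [ ! -d "/chroot/$user/$home" ]; then
    mkdir -p "/chroot/$user/$home"
    # The ChrootDirectory itself must be root-owned and not group/world-writable.
    chmod 750 "/chroot/$user"
    chmod 775 "/chroot/$user/$home"
    chown root:sftp-only "/chroot/$user"
    chown "$user":sftp-only "/chroot/$user/$home"
    # Membership in sftp-only is what makes the Match block apply to this user.
    usermod -a -G sftp-only "$user"
    # Expose the real home directory inside the jail.
    mount -o bind "$home" "/chroot/$user/$home/"
fi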
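An added example, not part of myVesta's post: a shell check for two things that decide whether the jail above takes effect, namely that the account is in `sftp-only` (otherwise the `Match Group` block never applies) and that every component of `/chroot/<user>` is root-owned and not group- or world-writable, which sshd requires of a `ChrootDirectory`. It assumes GNU `stat`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU coreutils stat (-c).
# Function names are hypothetical; sftp-only and /chroot/<user> come from the post.

# perm_ok UID MODE: true if root-owned and not writable by group or others
perm_ok() {
    [ "$1" -eq 0 ] && [ $(( 0$2 & 0022 )) -eq 0 ]
}

# has_group "LIST" GROUP: true if GROUP is in the space-separated LIST
has_group() {
    case " $1 " in
        *" $2 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_chroot_path DIR: test DIR and every parent up to /, print each failure
check_chroot_path() {
    cp_dir=$1; cp_rc=0
    case $cp_dir in /*) ;; *) echo "FAIL $cp_dir: not an absolute path"; return 2 ;; esac
    while :; do
        if [ ! -d "$cp_dir" ]; then
            echo "FAIL $cp_dir: not a directory"; cp_rc=1
        else
            set -- $(stat -c '%u %a' "$cp_dir")
            perm_ok "$1" "$2" || { echo "FAIL $cp_dir: uid=$1 mode=$2"; cp_rc=1; }
        fi
        [ "$cp_dir" = "/" ] && break
        cp_dir=$(dirname "$cp_dir")
    done
    return $cp_rc
}

# check_jail USER: group membership plus path check for /chroot/USER
check_jail() {
    cj_rc=0
    has_group "$(id -nG "$1" 2>/dev/null)" sftp-only ||
        { echo "FAIL $1: not in sftp-only, the Match block will not apply"; cj_rc=1; }
    check_chroot_path "/chroot/$1" || cj_rc=1
    return $cj_rc
}

# Run as root: sh check_jail.sh example_user
if [ "$#" -gt 0 ]; then check_jail "$1"; fi
```

A `FAIL` line for any component of the path means sshd will refuse the chroot for that login.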
Re: Chroot SFTP? How to limit users only to their home folder and sub folder
Posted: Wed Aug 25, 2021 7:14 am
by tienloc1
Thank you so much for your quick guide with the full details.
Re: Chroot SFTP? How to limit users only to their home folder and sub folder
Posted: Tue Feb 06, 2024 3:41 am
by dmmdcc13
I feel like I am missing something here. I have purchased the plugin and installed the license key.
I don't ever receive the License activated prompt?
At any rate, I have tried running the chroot commands listed here, but when I log in with a user with SFTP they can access all directories on the server (with the exception of the other user directories setup). Please advise.
Thank you in advance.