Chrooted SFTP permissions problem

radie_storm · 05-29-2014, 08:48 PM

Hi there

I am trying to set up backups for different users. In sshd_config I want to enter

Match User user1
ChrootDirectory /home/user1
AllowTCPForwarding no
X11Forwarding no
ForceCommand internal-sftp

however the permissions on the user1 folder need to be changed somehow. If I enter

Match User user1
ChrootDirectory /home/
AllowTCPForwarding no
X11Forwarding no
ForceCommand internal-sftp

then it works, but the user can see who else is in the home directory, which I don't want.

How would I go about changing the permissions for the user1 home directory so that this would work in the top example?

eklavya · 05-30-2014, 02:48 AM

Change the subsystem location on /etc/ssh/sshd_config

Quote:

#Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem sftp internal-sftp

Now force root to be owner of it

Quote:

sudo chown root:root /home/user1
sudo chmod 755 /home/user1

and rest you know

Quote:

Match User user1
ChrootDirectory /home/user1
ForceCommand internal-sftp
AllowTCPForwarding no
X11Forwarding no

Restart sshd and try again.

radie_storm · 05-30-2014, 07:33 PM

eklavya you are amazing. when I first did it I was unable to copy to that folder so I changed the permissions to 777. Its working well now, I can sftp to the home directory and the user can't ssh into the vm, or see any of the parent directories!

radie_storm · 05-30-2014, 10:44 PM

Ok I am having another problem with this, if I use

Quote:

sudo chmod 755 /home/user1

then the user will be able to connect but not write, and if I use

Quote:

sudo chmod 777 /home/user1

then I am able to write but not connect. I tested this by setting it to 755, connecting, and then changing to 777 to write. If I disconnect after changing to 777 then I am unable to connect again.

eklavya · 06-03-2014, 04:21 AM

Read this once (last post by onggie). It is for ubuntu but concept is same.
http://askubuntu.com/questions/28089...p-denies-login