Old 05-13-2014, 10:00 AM   #1
Restrict sftp to a given subdirectory

I started this question on, but was a little scattered on the requirements, and would like to start over.

I am trying to restrict a given user to sftp access for a given sub-directory. I have a couple of non-root users which must have access to the sub-directory's parent directories. This prevents the normal solution to chroot/jail the user to a given directory as the parent directories must be only available to root, else it will result in a "Write failed: Broken pipe" error.

As a workaround, I moved the sub-directory to a new directory (/home/public/). I then jailed the user in /home/public/ doing something like the following:
# /etc/ssh/sshd_config
Subsystem     sftp internal-sftp
Match Group jailed
    ChrootDirectory /home/public
    ForceCommand internal-sftp
    AllowTcpForwarding no

mkdir /home/public
chown root:root /home/public
chmod 0755 /home/public
useradd -M -N -s /bin/false -d /home/public Bert
usermod -G jailed Bert

But now I need to put the directory back in its original location. To do so, I was going to mount it, and not use a symbolic link because I have Git version control on the sub-directory's parent directory, and Git will only track the symbolic link as a file and not track its content.

Reading the man page, it looks like mount's --bind leaves it in both locations (am I correct?), so I tried the following, and it seemed to work.
mount --bind /home/public/mySubDirectory /var/www/application/mySubDirectory
I wanted the mount to automatically occur on boot, so I added the following to my /etc/fstab file:
/home/public/mySubDirectory /var/www/application/mySubDirectory/ayb_application/lib none bind
It seems to me that this should have been simpler. Is the way I did this correct? Thank you
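
Added example, not part of the original post: a shell check for the constraint the post runs into, namely that sshd_config(5) requires every component of a ChrootDirectory path to be a root-owned directory that is not writable by group or other. The script name check_chroot.sh and the optional uid argument are assumptions made for illustration, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not from the original post). Audits a ChrootDirectory path
# against the sshd_config(5) rule: every component of the path must be a
# directory owned by root and not writable by group or other.
# Assumes GNU stat (-c), as shipped on Linux.

# check_component DIR [UID]: test one directory; UID defaults to 0 (root).
# The ( ) body runs in a subshell, so its variables stay local.
check_component() (
    dir=$1 want=${2:-0}
    if [ ! -d "$dir" ]; then
        echo "FAIL $dir: not a directory"; exit 1
    fi
    owner=$(stat -L -c %u "$dir")
    perms=$(stat -L -c %A "$dir")      # e.g. drwxr-xr-x
    if [ "$owner" != "$want" ]; then
        echo "FAIL $dir: owner uid $owner, expected $want"; exit 1
    fi
    case $perms in
        ?????w*|????????w*)            # char 6 = group write, char 9 = other write
            echo "FAIL $dir: $perms is group/other writable"; exit 1 ;;
    esac
    echo "ok   $dir ($perms)"
)

# check_chroot_path PATH [UID]: walk PATH up to /, checking every component.
check_chroot_path() (
    path=$1 want=${2:-0} rc=0
    case $path in
        /*) ;;
        *) echo "FAIL $path: not an absolute path"; exit 1 ;;
    esac
    while :; do
        check_component "$path" "$want" || rc=1
        [ "$path" = "/" ] && break
        path=$(dirname "$path")
    done
    exit "$rc"
)

# Usage (hypothetical script name): sh check_chroot.sh /home/public
if [ "$#" -gt 0 ]; then
    check_chroot_path "$@"
fi
```

Run against /home/public it reports each component from the leaf up to /, so a group-writable or non-root-owned parent shows up by name.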

