Old 03-05-2018, 05:25 PM   #1
LQ Newbie
Registered: Mar 2018
Posts: 2

sftp and chroot on raspbian

Using Raspbian (stretch) on Pi 3b. Exploring SSH, sftp, and editing /etc/sshd_config.

I'd like to use sftp in the following way: 1) make a group for sftp users and make user accounts for the purpose (the easy part, and this is done), 2) jail all the users by group in their home directories using Chroot, and 3) nonetheless, allow them to follow a symlink to attached NTFS storage.

This sounds contradictory and I expect that it is but what do I know?

I can easily create the group and users and I understand that Chroot requires root ownership of all directories in the path to the jail. So far, so good. I can jail them by user or group with, for example, these lines in sshd_config:

Match group <group>
ChrootDirectory %h

This jails them (I'm aware that Chroot is not really secure but it meets my needs) but a symbolic link to the external storage is not resolvable.

Is this even possible? Is there a way to produce the same effect? I aim to end up with a standard user account that's only for sftp purposes, can read and possibly write, and is restricted to browsing a shared folder. This attempt is the way that occurred to me first.

I'd be glad to learn 6 ways to do this but one would be nice, too.

Old 03-06-2018, 12:15 AM   #2
LQ Guru
Registered: Jan 2005
Location: USA and Italy
Distribution: Debian testing/sid; OpenSuSE; Fedora; Mint
Posts: 5,513

What happens when you try to follow the link to attached storage?
Old 03-06-2018, 01:26 AM   #3
LQ Newbie
Registered: Mar 2018
Posts: 2

Original Poster
I'm testing the ftp connection from my Android phone using Solid Explorer with the ftp plugin. Rather than following the link, Solid asks what program to use to open the file and offers a list of choices, all things like picture viewers or word file programs. Without the Chroot restriction in sshd_config, the ftp client follows the link to the external storage and everything proceeds in normal ftp fashion. This would be useful if the whole Pi file system wasn't wide open as well without Chroot. I attempted to download the link - just to see what would happen - and got an error message.
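Added example, not part of the thread or any poster's code: a Python check for the two constraints discussed above, namely that sshd requires every directory in the ChrootDirectory path to be root-owned and not group- or world-writable, and that an absolute symlink inside the jail is resolved against the jail once it has become /. The function names, the trusted_uid parameter and the sample layout under a temporary directory are assumptions made for illustration.

```python
import os, stat, tempfile

def chroot_path_problems(jail, trusted_uid=0):
    """List components of the jail path that break sshd's ChrootDirectory rule:
    every directory up to / must be owned by root and not group/world-writable."""
    problems, path = [], os.path.realpath(jail)
    while True:
        st = os.stat(path)
        if st.st_uid != trusted_uid:
            problems.append(f"{path}: owned by uid {st.st_uid}, not {trusted_uid}")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append(f"{path}: writable by group or others")
        parent = os.path.dirname(path)
        if parent == path:          # reached /
            return problems
        path = parent

def symlinks_after_chroot(jail):
    """Map each symlink under the jail to True if its target still exists once
    the jail has become /. First-order check: links inside the target path are
    not re-resolved, and relative targets climbing above the jail count as broken."""
    jail, report = os.path.realpath(jail), {}
    for root, dirs, files in os.walk(jail):      # does not descend into symlinks
        for name in dirs + files:
            link = os.path.join(root, name)
            if not os.path.islink(link):
                continue
            target = os.readlink(link)
            if os.path.isabs(target):
                # Inside the chroot "/" is the jail: /media/usb means <jail>/media/usb.
                seen = os.path.join(jail, target.lstrip("/"))
            else:
                seen = os.path.join(root, target)
            seen = os.path.normpath(seen)
            inside = seen == jail or seen.startswith(jail + os.sep)
            report[os.path.relpath(link, jail)] = inside and os.path.exists(seen)
    return report

if __name__ == "__main__":
    # Constructed layout: a jail with one link to "external storage" outside it.
    base = tempfile.mkdtemp()
    jail = os.path.join(base, "home", "sftpuser")
    usb = os.path.join(base, "media", "usb")
    os.makedirs(os.path.join(jail, "upload"))
    os.makedirs(usb)
    os.symlink(usb, os.path.join(jail, "storage"))     # absolute target outside the jail
    os.symlink("upload", os.path.join(jail, "inbox"))  # relative target inside the jail
    print(symlinks_after_chroot(jail))
    for problem in chroot_path_problems(jail):  # temp dirs are not root-owned
        print(problem)
```

A link reported as False is one the jailed session cannot follow, which matches the behaviour described in the posts above.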

