I need to create an SFTP-only account that is jailed in its home directory, so I edited /etc/ssh/sshd_config and added:
Code:
Subsystem sftp internal-sftp
Match Group sftponly
ChrootDirectory %h
ForceCommand internal-sftp
AllowTcpForwarding no
X11Forwarding no
Code:
addgroup sftponly
useradd blabla
usermod blabla -g sftponly
usermod blabla -s /bin/false
usermod blabla -d /data/www/test/
passwd blabla
... and added this to the end of /etc/shells: /bin/false
Then I restarted ssh:
Code:
service ssh restart
So I've tried:
1st try - Change the owner of /data/www/test/ to blabla and / or his group sftponly - result: cannot connect to SFTP with user blabla (permission denied) - changing the owner back to root makes it work again
2nd try - Change rights of /data/www/test/ to 777 - result: cannot connect to SFTP with user blabla (permission denied) - setting back to 755 makes it work again
3rd try - using setfacl like: setfacl -m "u:blabla:rwx" /data/www/test/ - result: cannot connect to SFTP with user blabla (permission denied) - deleting this right by setfacl -b /data/www/test/ makes it work again
Any suggestions? How can I set rights so I can write files in user's home directory using SFTP?
Thanks in advance.
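
Added example, not part of the original post: a shell check of the rule sshd_config(5) states for ChrootDirectory (every component of the path must be a root-owned directory that is not writable by group or others), which is the condition each of the three attempts above changes. The function names are hypothetical, GNU stat is assumed, and the `upload` subdirectory in the comments is an assumed name.

```shell
#!/bin/sh
# Added example (function names are hypothetical). Assumes GNU stat (Linux).
# sshd_config(5): every component of the ChrootDirectory path must be a
# root-owned directory that is not writable by group or others.

# Succeeds if an octal mode such as 755 has no group/other write bit.
mode_is_safe() {
    [ $(( 0$1 & 022 )) -eq 0 ]
}

# Check one directory. $1 = path, $2 = required owner UID (sshd requires 0).
check_dir() {
    local dir="$1" want="${2:-0}" owner mode rc=0
    [ -d "$dir" ] || { echo "FAIL $dir: not a directory"; return 1; }
    owner=$(stat -c %u "$dir")
    mode=$(stat -c %a "$dir")
    # An ACL entry such as u:blabla:rwx raises the ACL mask, which stat
    # reports as the group bits, so it trips the same test as chmod 775.
    [ "$owner" -eq "$want" ] || { echo "FAIL $dir: owner uid $owner, need $want"; rc=1; }
    mode_is_safe "$mode" || { echo "FAIL $dir: mode $mode is group/other writable"; rc=1; }
    return $rc
}

# Walk from the chroot directory up to /, checking every component.
check_chroot_path() {
    local p="$1" rc=0
    case "$p" in /*) ;; *) echo "FAIL $p: not an absolute path"; return 1 ;; esac
    while :; do
        check_dir "$p" "${2:-0}" || rc=1
        [ "$p" = "/" ] && break
        p=$(dirname "$p")
    done
    return $rc
}

# Layout that passes the check and still gives the user a writable place
# (run as root; "upload" is an assumed subdirectory name):
#   setfacl -b /data/www/test
#   chown root:root /data/www/test && chmod 755 /data/www/test
#   mkdir /data/www/test/upload && chown blabla:sftponly /data/www/test/upload

if [ -n "${1:-}" ]; then check_chroot_path "$1"; fi
```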