Chrooted SFTP accounts - problem

Pulsedriver
Posts: 1
Joined: 2017-10-26 00:54

#1 Post by Pulsedriver »

Hi,
I need to create an SFTP-only account that is jailed in his home directory, so I edited /etc/ssh/sshd_config and added:

Code:

Subsystem sftp internal-sftp

Match Group sftponly
ChrootDirectory %h
ForceCommand internal-sftp
AllowTcpForwarding no
X11Forwarding no

Then I created a group and user:

Code:

addgroup sftponly
useradd blabla
usermod blabla -g sftponly
usermod blabla -s /bin/false
usermod blabla -d /data/www/test/
passwd blabla

I set up the new password...
... and added to /etc/shells this at the end: /bin/false

Then I restarted ssh:

Code:

service ssh restart

Then I tried to connect to SFTP, listed directories and it worked, but the problem is I cannot write any file to this folder. I always get a Permission denied error.

So I've tried:

1st try - Change the owner of /data/www/test/ to blabla and / or his group sftponly - result: cannot connect to SFTP with user blabla (permission denied) - changing the owner back to root makes it work again
2nd try - Change rights of /data/www/test/ to 777 - result: cannot connect to SFTP with user blabla (permission denied) - setting back to 755 makes it work again
3rd try - using setfacl like: setfacl -m "u:blabla:rwx" /data/www/test/ - result: cannot connect to SFTP with user blabla (permission denied) - deleting this right by setfacl -b /data/www/test/ makes it work again

Any suggestions? How can I set rights so I can write files in user's home directory using SFTP?

Thanks in advance.
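
Added example, not part of the original post: sshd requires every component of the ChrootDirectory path to be a root-owned directory that is not writable by group or other, which matches all three failed attempts above (an ACL entry raises the mask that stat reports as the group bits). The script below applies that rule to a path; the function names are hypothetical, and it assumes GNU stat and an absolute path.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Assumes GNU coreutils stat and an absolute path.

# component_ok UID MODE: succeed only if sshd's chroot rule holds for one
# directory: owned by uid 0 and no group/other write bit (mode & 022 == 0).
component_ok() {
    [ "$1" -eq 0 ] && [ $(( 0$2 & 022 )) -eq 0 ]
}

# check_chroot PATH: apply component_ok to PATH and every parent up to /.
# Returns 0 if all pass, 1 if any fails, 2 on bad input.
check_chroot() {
    case $1 in /*) ;; *) echo "need an absolute path" >&2; return 2 ;; esac
    dir=${1%/}; [ -n "$dir" ] || dir=/
    rc=0
    while :; do
        if [ ! -d "$dir" ]; then
            echo "FAIL $dir: not a directory"; rc=1
        else
            # -L follows symlinks, as stat(2) does
            set -- $(stat -L -c '%u %a' "$dir")
            if component_ok "$1" "$2"; then
                echo "ok   $dir (uid=$1 mode=$2)"
            else
                echo "FAIL $dir (uid=$1 mode=$2)"; rc=1
            fi
        fi
        [ "$dir" = / ] && break
        dir=$(dirname "$dir")
    done
    return "$rc"
}

# Constructed samples mirroring the post (uid 1001 stands in for blabla):
#   1001 755  chown to the user          -> rejected
#   0    777  chmod 777                  -> rejected
#   0    775  after setfacl u:...:rwx    -> rejected (mask shows as group bits)
#   0    755  root-owned, mode 755       -> accepted
if [ "$#" -gt 0 ]; then
    check_chroot "$1"
fi
```

A directory that passes is not writable by the SFTP user, so write access has to come from a subdirectory inside the chroot that the user owns.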

