> I have the following chroot config for ssh/sftp:
>
> Code:
> --------------------
> Match Group sftpchroot
> ChrootDirectory /home
> ForceCommand internal-sftp
> AllowTcpForwarding no
> --------------------
>
>
> Whenever I make an sftp login with a user that belongs to the
> sftpchroot group the folder shown is /home instead of /home/$USER as
> expected.
>
> How can I change this…

I’ve tried with ChrootDirectory /home/%u or ChrootDirectory %h which is the same, but that poses a problem.
If I chroot directly to the user’s home I’ll have to chown /home/$USER to root:root, otherwise the chroot won’t be successful.
But if I do that, then the user will not be able to do anything in /home/$USER. And unless it has already some folders inside that belong to him, he won’t be able to do a single thing.
Therefore I set ChrootDirectory /home and the user umask to 077 so that no one can peek on the other’s home.
Like this the user is able to fully use its home, it’s still able to go up one level and see which folders exist (not elegant) but its freedom ends there.
Everything would be almost perfect if it went directly to /home/$USER instead of /home.

I’ve read this and I still don’t understand what you’re trying to achieve. My ftp users all chroot to a /blabla/ftp/%u, which makes them have their own little dropbox on my server. They cannot look into each other’s folders. Nor explore the system.

My ftp users too. I have no problem chrooting ftp to /home/%u.
It’s with SFTP that I’m having a bit of trouble.
If I tell sftp to chroot to /home/%u, I’ll have to chown root:root all the /home/%u folders. And that’s not nice for the users because it limits their actions on their own homes.
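
The ownership constraint this thread runs into, as an added example that is not part of the original posts: sshd_config(5) requires every component of the ChrootDirectory path to be a root-owned directory that is not writable by group or other. The Python sketch below approximates that check so a candidate path such as /home or /home/alice can be audited before it goes into a Match block; the function name and the `required_uid` parameter are hypothetical, and `required_uid` exists only so the check can be exercised without root.

```python
import os
import stat
import sys


def chroot_violations(path, required_uid=0):
    """Walk from / down to `path` and return (component, problem) tuples
    for every component that breaks the ChrootDirectory rule."""
    parts = [p for p in os.path.abspath(path).split(os.sep) if p]
    problems = []
    current = os.sep
    for part in [""] + parts:          # "" makes the first component "/"
        current = os.path.join(current, part)
        try:
            st = os.stat(current)
        except OSError as exc:
            problems.append((current, "cannot stat: %s" % exc.strerror))
            break                       # nothing below this can be checked
        if not stat.S_ISDIR(st.st_mode):
            problems.append((current, "not a directory"))
            break
        if st.st_uid != required_uid:
            problems.append(
                (current, "owned by uid %d, expected %d"
                 % (st.st_uid, required_uid)))
        if st.st_mode & 0o022:          # group-write or other-write bit set
            problems.append((current, "writable by group or other"))
    return problems


if __name__ == "__main__":
    # Usage: python3 check_chroot.py /home /home/alice
    # (the paths are whatever ChrootDirectory would expand to per user)
    status = 0
    for target in sys.argv[1:]:
        found = chroot_violations(target)
        if not found:
            print("%s: OK as a ChrootDirectory" % target)
        for component, problem in found:
            status = 1
            print("%s: %s: %s" % (target, component, problem))
    sys.exit(status)
```

Run against a user-owned home directory, it reports that component as the failing one, which is why the poster had to choose between chowning /home/$USER to root:root and chrooting one level up at /home.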