I'm trying to set up a chroot jail for SFTP so that a user has access only to a specific directory, but I'm running into issues. I've configured my SSHD settings to use chroot as follows:
- Subsystem sftp internal-sftp
- Match User username
- ChrootDirectory /rootname
- ForceCommand internal-sftp
- AllowTcpForwarding no
- X11Forwarding no
While this works when I create a folder in the designated root directory, the user still can't write anything in that root directory itself. I've tried adjusting permissions to allow writing, but that results in access being denied. Is there something I'm missing?
2 Answers
It sounds like you need to check the file permissions for that root directory. Remember, chroot just restricts the user to a directory, but they also need the correct permissions to write there. Without proper permissions, they won't be able to do anything, even if they're in the right place!
From my experience, the user should log into a root-owned folder that they can't write to. Then, create a separate folder in that directory where they have write permissions. It seems odd, but this is a common setup for chroot jails. You might also want to make sure that the upper-level directories are set to allow access as well.
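An added example, not part of the original answers: sshd_config(5) requires every component of the ChrootDirectory path to be a root-owned directory that is not writable by group or others, which is why the layout in the second answer works. The Python sketch below audits a path against that rule and checks the writable subfolder. The subfolder name `upload`, uid 1001 and the sample permission tables are constructed for illustration.

```python
import os
import stat
from pathlib import PurePosixPath
from types import SimpleNamespace

def audit_chroot(chroot, stat_fn=os.stat):
    """Return (path, problem) for each component of the chroot path that is not
    a root-owned directory closed to group/other writes (sshd_config(5) rule)."""
    path = PurePosixPath(chroot)
    if not path.is_absolute():
        raise ValueError("ChrootDirectory must be an absolute path")
    problems = []
    for comp in list(path.parents)[::-1] + [path]:  # "/" first, chroot last
        st = stat_fn(str(comp))
        if not stat.S_ISDIR(st.st_mode):
            problems.append((str(comp), "not a directory"))
        if st.st_uid != 0:
            problems.append((str(comp), f"owned by uid {st.st_uid}, not root"))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            mode = stat.S_IMODE(st.st_mode)
            problems.append((str(comp), f"mode {mode:o} is group/other-writable"))
    return problems

def audit_upload_dir(chroot, upload, user_uid, stat_fn=os.stat):
    """Check the writable subfolder: inside the chroot, owned and writable by the user."""
    if PurePosixPath(chroot) not in PurePosixPath(upload).parents:
        return [(upload, "not inside the chroot")]
    st = stat_fn(upload)
    if not stat.S_ISDIR(st.st_mode):
        return [(upload, "not a directory")]
    if st.st_uid != user_uid or not st.st_mode & stat.S_IWUSR:
        return [(upload, f"not owned and writable by uid {user_uid}")]
    return []

def fake_stat(table):
    """Build a stat function from {path: (uid, mode)}; all entries are directories."""
    return lambda p: SimpleNamespace(st_uid=table[p][0], st_mode=stat.S_IFDIR | table[p][1])

# Constructed sample data: the chroot opened up for writing, then the layout from the answer.
BROKEN = {"/": (0, 0o755), "/rootname": (0, 0o777)}
FIXED = {"/": (0, 0o755), "/rootname": (0, 0o755), "/rootname/upload": (1001, 0o755)}

if __name__ == "__main__":
    print(audit_chroot("/rootname", fake_stat(BROKEN)))
    print(audit_chroot("/rootname", fake_stat(FIXED)))
    print(audit_upload_dir("/rootname", "/rootname/upload", 1001, fake_stat(FIXED)))
```

On a real host, call `audit_chroot("/rootname")` with the default `os.stat` to inspect the actual directories.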