1

I am creating an SFTP server with a chroot jail. The problem is that the user cannot log into the home directory. I need to keep the ChrootDirectory value at one directory above the user's home directory (/home/jail/home in this case). I read that the directory needs to be owned by root. In that case the user cannot do anything except log into the server. Below is the sftp-specific part of my sshd_config file:

Match User ftpuser
    ChrootDirectory /home/jail/home/ftpuser
    ForceCommand internal-sftp

Output of $ id ftpuser is:

uid=1001(ftpuser) gid=1002(ftpuser) groups=1002(ftpuser),0(root)

I have intentionally added it to the root group so that ftpuser can at least log in.

Output of $ grep ftpuser /etc/passwd is:

ftpuser:x:1001:1002::/home/jail/home/ftpuser:/bin/false

Permissions of /home/jail/home/ftpuser are:

rwx------+ 3 root root 4096 2011-12-12 12:49 /home/jail/home/ftpuser/

What should I do?

Dharmit

1 Answer

-1

Well, after some Googling I found a solution. Though it's not good practice, it did help me.

I changed the UID of chrooted users to 0, i.e. the UID of the root user, without changing the login shell. As a result, the chrooted user can access its home directory the way I need him to. And since the login shell is /bin/false, he can't log into the system like other users (I actually tried doing su - ftpuser while I was logged into my machine as root, and ftpuser didn't get shell access).

Though this solution might not be good or preferable, it was the only workaround I could find.

Dharmit
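An added example, not part of the original question or answer: an audit sketch for the two conditions this thread turns on. It applies the check sshd makes on every component of a ChrootDirectory path (a directory, owned by UID 0, not writable by group or other) and flags non-root accounts that carry UID 0. The function names and `SAMPLE_PASSWD` are assumptions made for this example; the sample passwd line is the one from the question with its UID changed to 0 as the answer describes.

```python
import os
import stat

# Constructed sample data: root plus the question's ftpuser entry with UID 0.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
ftpuser:x:0:1002::/home/jail/home/ftpuser:/bin/false
"""


def uid0_accounts(passwd_text):
    """Return account names other than 'root' whose UID field is 0."""
    names = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2] == "0" and fields[0] != "root":
            names.append(fields[0])
    return names


def chroot_path_problems(path, stat_fn=os.stat):
    """Check each component of `path`, from / downwards.

    stat_fn is injectable so the check can be exercised without root.
    Only mode bits are examined; POSIX ACLs (the '+' in ls output) are not.
    """
    problems = []
    current = "/"
    parts = [p for p in os.path.abspath(path).split("/") if p]
    for part in [""] + parts:
        current = os.path.join(current, part)
        st = stat_fn(current)
        if not stat.S_ISDIR(st.st_mode):
            problems.append((current, "not a directory"))
        if st.st_uid != 0:
            problems.append((current, "not owned by root"))
        if st.st_mode & 0o022:
            problems.append((current, "writable by group or other"))
    return problems


if __name__ == "__main__":
    print("extra UID 0 accounts:", uid0_accounts(SAMPLE_PASSWD))
    target = "/home/jail/home/ftpuser"  # path from the question
    if os.path.isdir(target):
        for where, why in chroot_path_problems(target):
            print(f"{where}: {why}")
```

An empty list from `chroot_path_problems` means the path passes the ownership and mode check; a common layout keeps the chroot itself root-owned and gives the account a writable subdirectory inside it.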