This is a simple reference for chrooting an sftp user or group to a folder – usually the web server folder. It does not cover “full” chrooting.
Edit /etc/ssh/sshd_config (/etc/sshd_config on some distributions) and set the following options:
    #Subsystem sftp internal-sftp
    #In some cases you might need to uncomment the line above and comment out the existing Subsystem option

    #Match user sftp-user
    Match group sftp
        ChrootDirectory /var/www
        ForceCommand internal-sftp
        AllowTcpForwarding no

Be sure to place the “Match” directive at the end of the file, because a Match block applies to every line that follows it until the next Match or the end of the file. This tells OpenSSH that all users in the sftp group are to be chrooted to the directory given in the ChrootDirectory directive: “/var/www” in this case, their home directory if you use %h instead (%h represents the user's home directory), or any other directory you specify.
Don’t leave two or more Subsystem sftp directives active at the same time – use only one. Otherwise you won't be able to access the server over ssh!
For any users that you wish to chroot, add them to the sftp group by using:
    # usermod -aG sftp paul    # -a appends, so paul keeps his other supplementary groups
    # usermod -s /bin/false paul
    # chown root:root /home/paul
    # chmod 0755 /home/paul

If you still have problems, it is most probably because of directory permissions and/or ownership – you can try this:

    sudo chown root /var/www
    sudo chmod go-w /var/www
    sudo mkdir /var/www/writeable
    sudo chown paul:sftp /var/www/writeable
    sudo chmod ug+rwX /var/www/writeable
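sshd refuses the chroot unless every component of the ChrootDirectory path is a root-owned directory that is not writable by group or others, which is the usual cause of the permission problems above. The script below is an added example, not part of the original reference; check_dir and check_chroot_path are hypothetical helper names, and it assumes an ls that supports -L.

```shell
#!/bin/sh
# Added example: check the ownership rule sshd applies to ChrootDirectory.
# check_dir and check_chroot_path are hypothetical helper names.

# check_dir DIR [UID]: succeed if DIR is a directory owned by UID
# (default 0, i.e. root) and not writable by group or others.
check_dir() {
    dir=$1
    want_uid=${2:-0}
    if [ ! -d "$dir" ]; then
        echo "FAIL $dir: not a directory"
        return 1
    fi
    # ls -ldnL prints e.g. "drwxr-xr-x 2 0 0 ..." (numeric owner in field 3)
    read -r perms _links owner _rest <<EOF
$(ls -ldnL "$dir")
EOF
    if [ "$owner" != "$want_uid" ]; then
        echo "FAIL $dir: owned by uid $owner, expected $want_uid"
        return 1
    fi
    case $perms in
        ?????w*|????????w*)
            echo "FAIL $dir: writable by group or others ($perms)"
            return 1 ;;
    esac
    echo "ok   $dir ($perms, uid $owner)"
}

# check_chroot_path PATH: apply check_dir to PATH and to every parent up to /,
# because one bad component is enough for sshd to reject the chroot.
check_chroot_path() {
    case $1 in
        /*) ;;
        *) echo "FAIL $1: need an absolute path"; return 2 ;;
    esac
    p=$1
    rc=0
    while :; do
        check_dir "$p" || rc=1
        [ "$p" = "/" ] && break
        p=$(dirname "$p")
    done
    return $rc
}

# Usage: sh check_chroot.sh /var/www
if [ $# -gt 0 ]; then check_chroot_path "$1"; fi
```

The writeable subfolder is expected to fail this check, since only the chroot directory itself and its parents have to be root-owned. Running sshd -t before restarting the daemon catches syntax errors in sshd_config.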
Be very careful as changes to sshd_config might leave you without ssh and sftp access to the server!!!