#5
12th July 2008
jon4t2
New User
 
Join Date: Jul 2008
Posts: 2
Everything's working properly

Hello Again,

A bit more digging on the Web found the answer:

Since the sftponly user (foo) does not own the chroot'ed directory (/home/foo), the user does not have write privileges. So, everything's working properly.

The fix? Create a new directory inside the chroot'ed directory (/home/foo/writeable) and chown it to the sftponly user (chown foo:sftponly /home/foo/writeable).

More thorough descriptions of chroot'ing internal-sftp in OpenSSH can be found at:

<http://forums.gentoo.org/viewtopic-t-698685.html?sid=26554189975046c317082e5dfffbeca6>
<http://adamsworld.name/chrootjail5.php>
<http://www.minstrel.org.uk/papers/sftp/builtin.html>

The novice (i.e. me) should be careful though, as these are Linux instructions.

I found that using "usermod -d" and "usermod -s" to change the user profile broke the login. However, creating an sftponly group works quite well. With a "Match Group sftponly" instruction in sshd_config, "usermod -g" easily adds a new user to the sftponly group.

Script wizards are encouraged to port the scripts presented in the Gentoo Forum listed above.

Thanks,

jon4t2
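A check for the layout described in this post, as an added example that is not part of the original post: sshd only accepts a ChrootDirectory when every component of its path is a root-owned directory that is not writable by group or others, so the user's writable area has to be a subdirectory. The function names are hypothetical; /home/foo, writeable and foo are the post's own values, and refusing group or other write on the writable subdirectory is an added, stricter assumption.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Uses only POSIX ls/awk/dirname, so it behaves the same on BSD and Linux.

# dir_is_locked DIR UID: true if DIR is a real directory (not a symlink)
# owned by numeric UID and not writable by group or others.
# Leaves the permission string in $perms for the caller.
dir_is_locked() {
    info=$(ls -ldn -- "$1" 2>/dev/null | awk '{print $1, $3}')
    perms=${info% *}; uid=${info#* }
    case $perms in d*) ;; *) return 1 ;; esac     # missing, symlink, not a dir
    [ "$uid" = "$2" ] || return 1                 # wrong owner
    case $perms in
        d????w*|d???????w*) return 1 ;;           # group or other write bit
    esac
    return 0
}

# chroot_path_ok DIR: walk DIR and every parent up to / and require each
# one to be root-owned (uid 0) and locked, as sshd does for ChrootDirectory.
chroot_path_ok() {
    case $1 in /*) ;; *) echo "need an absolute path: $1" >&2; return 1 ;; esac
    d=$1
    while :; do
        dir_is_locked "$d" 0 || { echo "unsafe component: $d" >&2; return 1; }
        parent=$(dirname "$d")
        [ "$parent" = "$d" ] && return 0          # reached the root directory
        d=$parent
    done
}

# writable_dir_ok DIR UID: the upload directory inside the chroot must be
# owned by the sftp user and writable by that owner only.
writable_dir_ok() {
    dir_is_locked "$1" "$2" || return 1
    case $perms in d?w*) return 0 ;; esac         # owner write bit present
    return 1
}

# Usage with the post's layout (run as root so every path is readable):
#   chroot_path_ok /home/foo &&
#   writable_dir_ok /home/foo/writeable "$(id -u foo)" &&
#   echo "layout OK"
```

A failing `chroot_path_ok` names the first offending path component on stderr, which is normally the directory to `chown root` or `chmod go-w`.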