Everything's working properly
Hello Again,
A bit more digging on the Web found the answer:
Since the sftponly user (foo) does not own the chroot'ed directory (/home/foo), the user does not have write privileges. So, everything's working properly.
The fix? Create a new directory inside the chroot'ed directory (/home/foo/writeable) and chown it to the sftponly user (chown foo:sftponly /home/foo/writeable).
More thorough descriptions of chroot'ing internal-sftp in OpenSSH can be found at:
<http://forums.gentoo.org/viewtopic-t-698685.html?sid=26554189975046c317082e5dfffbeca6>
<http://adamsworld.name/chrootjail5.php>
<http://www.minstrel.org.uk/papers/sftp/builtin.html>
The novice (i.e. me) should be careful though, as these are Linux instructions.
I found that using "usermod -d" and "usermod -s" to change the user profile broke the login. However, creating an sftponly group works quite well. With a "Match Group sftponly" instruction in sshd_config, "usermod -g" easily adds a new user to the sftponly group.
Script wizards are encouraged to port the scripts presented in the Gentoo Forum listed above.
Thanks,
jon4t2
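
The layout described in this post can be checked with a short script; this is an added example, not part of the original post or of OpenSSH. It relies on sshd's documented rule that every component of the ChrootDirectory path must be root-owned and not writable by group or others, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. The directory name "writeable"
# and the user/group names follow the post; function names are made up here.

# Numeric owner uid and 10-character mode string, parsed from `ls -ldn`
# so the script does not depend on GNU or BSD stat(1) syntax.
dir_owner_uid()   { ls -ldn "$1" | awk '{print $3}'; }
dir_mode_string() { ls -ldn "$1" | awk '{print substr($1, 1, 10)}'; }

# chroot_dir_ok DIR [OWNER_UID]: DIR must be a directory owned by OWNER_UID
# (default 0, root) with no group or other write bit.
chroot_dir_ok() {
    dir=$1; want=${2:-0}
    [ -d "$dir" ] || { echo "FAIL $dir: not a directory"; return 1; }
    uid=$(dir_owner_uid "$dir"); mode=$(dir_mode_string "$dir")
    [ "$uid" = "$want" ] || { echo "FAIL $dir: owner uid $uid, want $want"; return 1; }
    case $mode in
        d????w????|d???????w?)
            echo "FAIL $dir: $mode is group/other writable"; return 1 ;;
    esac
    echo "OK   $dir: $mode uid=$uid"
}

# upload_dir_ok DIR USER_UID: the subdirectory must be owned by, and
# writable for, the sftp-only user.
upload_dir_ok() {
    [ -d "$1" ] || { echo "FAIL $1: not a directory"; return 1; }
    uid=$(dir_owner_uid "$1"); mode=$(dir_mode_string "$1")
    [ "$uid" = "$2" ] || { echo "FAIL $1: owner uid $uid, want $2"; return 1; }
    case $mode in
        d?w*) echo "OK   $1: $mode uid=$uid" ;;
        *)    echo "FAIL $1: $mode not writable by its owner"; return 1 ;;
    esac
}

# audit_layout CHROOT USER: check CHROOT and each parent up to /, then
# CHROOT/writeable. Example: audit_layout /home/foo foo
audit_layout() {
    case $1 in /*) p=$1 ;; *) echo "FAIL $1: need an absolute path"; return 1 ;; esac
    while [ "$p" != / ]; do
        chroot_dir_ok "$p" || return 1
        p=$(dirname "$p")
    done
    chroot_dir_ok / && upload_dir_ok "$1/writeable" "$(id -u "$2")"
}

if [ "$#" -eq 2 ]; then audit_layout "$1" "$2"; fi
```

The optional second argument to `chroot_dir_ok` exists only so the check can be exercised on a scratch directory without root; leave it at the default when auditing a real chroot.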