How can I chroot sftp-only SSH users into their homes?

All this pain is thanks to several security issues as detailed here.

Basically the chroot directory has to be owned by root and can't be any group-write access. Lovely. So you essentially need to turn your chroot into a holding cell and within that you can have your editable content.
 
sudo chown root /home/bob
sudo chmod go-w /home/bob
sudo mkdir /home/bob/writeable
sudo chown bob:sftponly /home/bob/writeable
sudo chmod ug+rwX /home/bob/writeable

And bam, you can log in and write in /writeable.


found at: http://askubuntu.com/questions/134425/how-can-i-chroot-sftp-only-ssh-users-into-their-homes

Comments

Post a Comment

Popular posts from this blog

How to clean DB from old logs in Magento 1.x

How to clean DB from old logs in Magento 1.x Using MySQL truncate log_customer ; truncate log_quote ; truncate log_summary ; truncate log_summary_type ; truncate log_url ; truncate log_url_info ; truncate log_visitor ; truncate log_visitor_info ; truncate log_visitor_online ;     login to shell(SSH)  go with root/shell folder. execute the below command inside the shell folder   php - f log . php clean   enter this command to view the log data's size php -f log.php status This method will help you to clean the log data's very easy way.  
Read more

Reduce (shrink) and resize raw disk at Proxmox

 Reduce (shrink) and resize raw disk at Proxmox 1. Check the status of raw disk:   #e2fsck -fy /hdd-img/images/111/vm-111-disk-1.raw e2fsck 1.46.5 (30-Dec-2021) Pass 1: Checking inodes, blocks, and sizes Pass 2: Checking directory structure Pass 3: Checking directory connectivity Pass 4: Checking reference counts Pass 5: Checking group summary information /hdd-img/images/111/vm-111-disk-1.raw: 135279/327680000 files (1.8% non-contiguous), 857599886/1310720000 blocks  2. At first, check raw disk size:   #qemu-img info /hdd-img/images/111/vm-111-disk-1.raw image: /hdd-img/images/111/vm-111-disk-1.raw file format: raw virtual size: 4.88 TiB (5368709120000 bytes) disk size: 3.59 TiB  3. Resize filesystem: -M - will resize to the minimum size based on saved files -p - will display progress bar #resize2fs -M -p /hdd-img/images/111/vm-111-disk-1.raw resize2fs 1.46.5 (30-Dec-2021) Resizing the filesystem on /hdd-img/images/111/vm-111-disk-1.raw to 852166716 (4k) blocks. Begin pass 2 (max = 196
Read more

Apache 2.4 + mod_wsgi + Python 3.7 + Django installation on Centos 7.10

How to Apache 2.4 + mod_wsgi + Python 3.7 + Django installation   Httpd 2.4 1. Install  httpd yum install httpd   2. Install  httpd-devel yum install httpd-devel  Python 3.7 on Centos 7.10 1. Download the newest python cd /opt/ wget -dvS --no-check-certificate https://www.python.org/ftp/python/3.7.0/Python-3.7.0.tgz 2. Unpack and install tar xzf Python-3.7.0.tgz cd /opt/Python-3.7.0/ ./configure --prefix=/usr/local --enable-shared --with-threads --enable-optimizations make altinstall   to test if works: python3.7 -V mod_wsgi 0. (optional) uninstall current mod_wsgi yum erase mod_wsgi 1. Download the newest mod_wsgi and install cd /opt/ wget https://files.pythonhosted.org/packages/9e/37/dd336068ece37c43957aa337f25c59a9a6afa98086e5507908a2d21ab807/mod_wsgi-4.6.4.tar.gz tar xzf mod_wsgi-4.6.4.tar.gz cd mod_wsgi-4.6.4.tar.gz  ./configure --with-python=/usr/local/bin/python3.7 LD_RUN_PATH=/usr/local/lib make make install 2. Add p
Read more