
I am setting up a file server in Ubuntu Server 16.04.

I've got 3 users (and 6 hard drives, 2 each in a RAID 1 config). These RAIDed drives are mounted to /mnt/username, which have been set as the user's home directory. I have set up SFTP with SSH keys and login is a breeze. However, I do not want userA to leave /mnt/userA and gain access to /mnt and see the other users' folders.

To remedy this I set up chroot in sshd_config for each user, to their directories. This however prevents the user from writing to their folder (which is useless as far as a file server is concerned).

How do I jail an SFTP user to their home directory, while still allowing their home directory to be writeable by them?

sharf
  • Create a directory under /mnt/userA, which will be writeable by the user. – Jakuje Aug 02 '16 at 09:51
  • @Jakuje but then they can just go up a level into /mnt/UserA which isn't ideal either. This sort of thing can't be that difficult. – sharf Aug 02 '16 at 13:19
  • Why is it not ideal? – Jakuje Aug 02 '16 at 13:20
  • @Jakuje Because they are then not confined to their home directory, they can go up a level and don't start at their root. It's not as clean. And being migrated from a Windows server where that was easy to set up - I imagine it can't be that hard to set it up securely on Linux. – sharf Aug 02 '16 at 15:49
  • You can't give write permissions on the directory in which the user is chrooted. Normal users don't have write permission to the real root and that is why they have home directories to write to. – Jakuje Aug 02 '16 at 15:54
  • @Jakuje I fully understand that. But there must be a different approach to accomplish this. – sharf Aug 02 '16 at 17:03
  • Why do you think so and what is the problem with this approach? – Jakuje Aug 02 '16 at 18:12
  • @Jakuje I want a set up that will be identical to my users, where they log in to their "/" and can't go up any further. However, the user will still need to be able to make directories and files (upload). It can't be impossible, but may require me installing a different program. – sharf Aug 02 '16 at 19:29
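
The constraint discussed in the comments comes from sshd itself: every component of a ChrootDirectory path must be a root-owned directory that is not writable by group or others, which is why the user needs a writable subdirectory beneath it. The following is an added example, not part of the original thread, that audits a path against that rule; the function names are hypothetical and GNU `stat` (as shipped on Ubuntu) is assumed.

```shell
#!/bin/sh
# Added example: check a directory against sshd's ChrootDirectory rule.
# Layout suggested in the comments:
#   /mnt/userA        root:root  755   <- ChrootDirectory (must pass this check)
#   /mnt/userA/files  userA      755   <- writable area inside the jail

# True when an octal mode string (e.g. 755, 1777) has no group/other write bit.
mode_is_safe() {
    [ $(( 0$1 & 022 )) -eq 0 ]
}

# Check one directory: owned by uid 0 and not group/other writable.
check_dir() {
    cd_info=$(stat -c '%u %a' "$1" 2>/dev/null) || { echo "$1: cannot stat"; return 1; }
    cd_uid=${cd_info% *}
    cd_mode=${cd_info#* }
    [ -d "$1" ] || { echo "$1: not a directory"; return 1; }
    [ "$cd_uid" = 0 ] || { echo "$1: owned by uid $cd_uid, not root"; return 1; }
    mode_is_safe "$cd_mode" || { echo "$1: mode $cd_mode is group/other writable"; return 1; }
}

# Walk from / down to the target and report the first component that fails.
# Runs in a subshell so its variables stay local.
chroot_path_ok() (
    case $1 in
        /*) ;;
        *) echo "$1: need an absolute path"; exit 1 ;;
    esac
    check_dir / || exit 1
    rest=${1#/}
    path=
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        if [ -n "$part" ]; then
            path="$path/$part"
            check_dir "$path" || exit 1
        fi
        case $rest in
            */*) rest=${rest#*/} ;;
            *) rest= ;;
        esac
    done
    echo "$1: acceptable as ChrootDirectory"
)

# Stand-alone use: sh check.sh /mnt/userA
[ $# -eq 0 ] || chroot_path_ok "$1"
```

A directory that the user owns or can write to fails this check, which matches the behaviour described in the question once the home directory itself is used as the chroot.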
