Hiya,

I need to give SFTP access to a directory within my webroot on my server. I've set up ben_files as a user and have set his home directory to

/var/www/vhosts/mydomain.com/files

That's all fine if he connects with plain old FTP - he's restricted just to that directory, but to enable SFTP I had to add him to bin/bash shell, which suddenly opens up my entire server...

Is there a way of giving him SFTP access but without opening up all my directories? I'd really like him restricted to only his home ;)

Thanks!

+1  A: 

serverfault.com might be a better place to ask?

Dean J
Serverfault is the logical place, but in my experience it's rare to get useful answers there :(
hfidgen
+2  A: 

You might try setting his shell to /bin/rbash

RESTRICTED SHELL If bash is started with the name rbash, or the -r option is supplied at invocation, the shell becomes restricted. A restricted shell is used to set up an environment more controlled than the standard shell. It behaves identically to bash with the exception that the following are disallowed or not performed:

   ·      changing directories with cd

plus more...

Make sure you fully understand what is allowed and disallowed before you use this.

Dennis Williamson
rbash is in the distro, but it doesn't appear to allow sftp - I'll have to look into the configuration I guess. Thanks for the tip tho!
hfidgen
+1  A: 

Take a look at rssh. It may already be packaged for your o/s distribution.

Ned Deily
It's not packaged, but that is perfect! I'll look at getting that installed asap ;) Thanks!
hfidgen
+5  A: 
ephemient
Great - this looks likely! The only hitch is that I simply cannot find the service file to restart it :P
hfidgen
Hiya, I get some errors - Starting sshd: /etc/ssh/sshd_config: line 113: Bad configuration option: Match AND /etc/ssh/sshd_config: line 115: Bad configuration option: ForceCommand. These both stop sshd coming back up again. Any ideas?
hfidgen
You probably don't have a new enough SSH version.
ephemient
Ahh yeah, I missed that bit in your answer - we're on 4.3, I'll look at getting that upgraded.
hfidgen
Oh wow, 4.3 is 4 years old by now; you're still using it? Upgrade! 5.3 is the current latest release.
ephemient
That's Plesk for you... They package up all sorts of old versions with custom tweaks. Hate it tbh.
hfidgen
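
The failure in the comments above (an OpenSSH 4.3 sshd rejecting `Match` and `ForceCommand` and then not coming back up) can be caught before a restart. The script below is an added example, not part of the original thread: it assumes both directives need OpenSSH 4.4 or later, that sshd is at `/usr/sbin/sshd`, and that the local `ssh` client comes from the same package version as the server; the function names are hypothetical.

```shell
#!/bin/sh
# Pre-flight check for an sshd_config that uses Match / ForceCommand.
# Assumption: both directives need OpenSSH 4.4 or later.
SSHD=${SSHD:-/usr/sbin/sshd}   # assumed path; override if yours differs

# Return 0 if banner $1 (e.g. "OpenSSH_4.3p2, OpenSSL ...") is >= $2.$3,
# 1 if it is older, 2 if the banner cannot be parsed.
openssh_at_least() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/.*OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 2
    major=${ver% *}
    minor=${ver#* }
    [ "$major" -gt "$2" ] && return 0
    [ "$major" -eq "$2" ] && [ "$minor" -ge "$3" ]
}

# Print (with line numbers) every Match / ForceCommand line in config $1.
gated_directives() {
    grep -niE '^[[:space:]]*(Match|ForceCommand)([[:space:]]|$)' "$1"
}

# $1 = candidate config, $2 = version banner (default: local "ssh -V",
# assumed to come from the same package as sshd). Fails closed.
preflight() {
    banner=${2:-$(ssh -V 2>&1)}
    if gated_directives "$1" >/dev/null && ! openssh_at_least "$banner" 4 4
    then
        echo "refusing $1: needs OpenSSH >= 4.4, found: $banner" >&2
        gated_directives "$1" >&2
        return 1
    fi
}

# Version gate first, then sshd's own parser in test mode (-t) against the
# candidate file (-f). Restart sshd only if this returns 0.
check_config() {
    preflight "$1" && "$SSHD" -t -f "$1"
}

# Usage: sh preflight.sh /path/to/candidate_sshd_config
if [ $# -gt 0 ]; then
    check_config "$1"
fi
```

Run it as root against a copy of the config, since `sshd -t` also checks that the host keys are readable.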
A: 

Use pam_chroot.

Here is a good manual: http://www.howtoforge.com/chroot%5Fssh%5Fsftp%5Fdebian%5Fetch

rvs