Difference between revisions of "Chroot environment setup"
(Created page with " Category:RaspberryPi") |
|||
| Line 1: | Line 1: | ||
| + | Setting up a chroot-environment: | ||
| + | Add this to /etc/ssh/sshd_config: | ||
| + | #Subsystem sftp /usr/lib/openssh/sftp-server | ||
| + | Subsystem sftp internal-sftp | ||
| + | |||
| + | # Heiko was here and did https://linode.com/docs/tools-reference/tools/limiting-access-with-sftp-jails-on-debian-and-ubuntu/ | ||
| + | Match Group filetransfer | ||
| + | ChrootDirectory %h | ||
| + | X11Forwarding no | ||
| + | AllowTcpForwarding no | ||
| + | ForceCommand internal-sftp | ||
| + | Restart sshd | ||
| + | service ssh restart | ||
| + | Add a new group | ||
| + | addgroup --system filetransfer | ||
| + | |||
| + | For each chrooted user: | ||
| + | usermod -G filetransfer username | ||
| + | chown root:root /home/username | ||
| + | chmod 755 /home/username | ||
| + | |||
| + | cd /home/username | ||
| + | mkdir docs public_html | ||
| + | chown username:filetransfer * | ||
| + | |||
| + | |||
| + | |||
| + | |||
| + | ---- | ||
| + | * Links | ||
| + | ** https://linode.com/docs/tools-reference/tools/limiting-access-with-sftp-jails-on-debian-and-ubuntu/ | ||
[[Category:RaspberryPi]] | [[Category:RaspberryPi]] | ||
Revision as of 23:13, 6 December 2018
Setting up a chroot-environment:
Add this to /etc/ssh/sshd_config:
#Subsystem sftp /usr/lib/openssh/sftp-server Subsystem sftp internal-sftp # Heiko was here and did https://linode.com/docs/tools-reference/tools/limiting-access-with-sftp-jails-on-debian-and-ubuntu/ Match Group filetransfer ChrootDirectory %h X11Forwarding no AllowTcpForwarding no ForceCommand internal-sftp
Restart sshd
service ssh restart
Add a new group
addgroup --system filetransfer
For each chrooted user:
usermod -G filetransfer username chown root:root /home/username chmod 755 /home/username
cd /home/username mkdir docs public_html chown username:filetransfer *
