Chroot SFTP Group Fails

Post by grayloon » 2018/02/21 16:15:03

I have a file server set up for the company. Everyone in the company is a member of the staff group. With my configuration below, they're dropped into /home/sharedfolder when they connect. However, they're able to jump up to the /home directory and view subdirectories and contents. How can I lock them into /home/sharedfolder while allowing them full read/write access to all subdirectories there?

/etc/ssh/sshd_config:

Subsystem      sftp    internal-sftp
Match Group staff
       ChrootDirectory /home/sharedfolder
       GSSAPIAuthentication no
       AllowTCPForwarding no
       AllowAgentForwarding no
       X11Forwarding no
       ForceCommand internal-sftp -l VERBOSE

steve:x:2501:2501:Steve Stephens:/home/sharedfolder:/sbin/nologin
kimberly:x:2502:2502:Kimberly Kimboa:/home/sharedfolder:/sbin/nologin
mike:x:2503:2503:Mike Michaels:/home/sharedfolder:/sbin/nologin

Example staff group config:

staff:x:2500:steve,kimberly,mike

#ls -l /
drwxr-xr-x.  33 root root   4096 Jan 24 14:00 home

#ls -l /home
drwxr-xr-x. 123 root        root         4096 Feb 21 09:41 sharedfolder

#ls -l /home/sharedfolder
drwxrwxr-x. 3 steve        staff         4096 Feb 21 09:41 files1
drwxrwxr-x. 5 kimberly        staff         4096 Feb 18 12:57 files2
drwxrwxr-x. 2 mike        staff         4096 Feb 12 15:03 files3
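
An added example, not part of the original post and not OpenSSH code: sshd_config(5) requires every component of a ChrootDirectory path to be root-owned and not writable by group or others, and this script applies that rule to the listings shown above. The function names and the `uid mode path` input format are assumptions of this example.

```sh
#!/bin/sh
# Added example: audit a ChrootDirectory path against the sshd_config(5) rule
# that every path component is root-owned and not group- or other-writable.

# Print each prefix of an absolute path, one per line: / /home /home/sharedfolder
path_components() {
    case $1 in /*) ;; *) echo "need an absolute path" >&2; return 2 ;; esac
    p=$1
    list=
    while [ "$p" != "/" ]; do
        list="$p
$list"
        p=$(dirname "$p")
    done
    printf '/\n%s' "$list"
}

# Read "uid octal-mode path" lines (hypothetical input format, as produced by
# GNU stat -c '%u %a %n') and report components sshd would refuse.
check_chroot_components() {
    bad=0
    while read -r uid mode path; do
        if [ "$uid" -ne 0 ]; then
            echo "FAIL $path: owned by uid $uid, not root"; bad=1
        fi
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "FAIL $path: mode $mode is group- or other-writable"; bad=1
        fi
    done
    return $bad
}

# Constructed sample: the ls -l listings from the post as "uid mode path"
# (root is uid 0; steve is uid 2501 in the passwd entries shown).
chroot_path='0 755 /
0 755 /home
0 755 /home/sharedfolder'
subdir='2501 775 /home/sharedfolder/files1'

if printf '%s\n' "$chroot_path" | check_chroot_components; then
    echo "OK: /home/sharedfolder meets the ownership rule for a chroot"
fi
# files1 is fine as a writable subdirectory but could not itself be a chroot:
printf '%s\n' "$subdir" | check_chroot_components || true
```

On a live host with GNU coreutils, feed it real data with `path_components /home/sharedfolder | xargs stat -c '%u %a %n' | check_chroot_components`.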
