Comments on: Chroot SFTP Users for Web Hosting Server.

By: » Linuxaria – Everything about GNU/Linux and Open source How to Chroot SFTP Users on Linux for maximum security

Sun, 19 Jan 2014 19:37:13 +0000

[…] Article by Rahul Panwar first posted on http://linuxexplore.com/ […]

By: bhietbrink

bhietbrink — Mon, 06 May 2013 22:40:37 +0000

Thanks for your help Rahul. Unfortunately this is not the solution, as user dir is for when you have a single domain with users branching of it. In my case, I have multiple domains, and am using the Virtual Host feature of the httpd.conf file. Appreciate your efforts though. I shall continue my search.

By: Rahul Panwar

Rahul Panwar — Sun, 05 May 2013 15:04:30 +0000

Do you try UserDir option in httpd configuration? I don’t know it will work but it is written in httpd.conf document “it can confirm the presence of a username on the system (depending on home directory permissions)”.

By: Benny H

Benny H — Sun, 05 May 2013 10:33:32 +0000

Thanks for a really well written article Rahul. When setting up using this method, it would appear that PHP run from inside these newly created directories is unable to execute due to a permissions issue. PHP runs as user apache but in this article we’re using www-hosting. Do you have any advice on how to get the PHP scripts to run please?

By: Klaudia

Klaudia — Sun, 21 Apr 2013 04:02:08 +0000

Fantastic report, nicely believed out! I packed
my baggage and I’m shifting to Boston!

By: CentOS 6.3 sftp chroot jail - Page 2

CentOS 6.3 sftp chroot jail - Page 2 — Wed, 27 Feb 2013 08:13:53 +0000

[...] Add the following tail output to your Linux box’s SSH server configuration file /etc/ssh/sshd_config. [rahulpanwar@myhost ~]# tail -6 /etc/ssh/sshd_config #Subsystem sftp /usr/libexec/openssh/sftp-server Subsystem sftp internal-sftp Match Group www-hosting ChrootDirectory %h ForceCommand internal-sftp AllowTcpForwarding no Then restart sshd service to enable this configuration. [rahulpanwar@myhost ~]# sudo /etc/init.d/sshd restart Create Chroot Users: [rahulpanwar@myhost ~]# sudo mkdir /etc/skel/public_html [rahulpanwar@myhost ~]# sudo groupadd www-hosting [rahulpanwar@myhost ~]# sudo useradd -s /sbin/nologin -g www-hosting linuxexplore.com Setting Permissions: [rahulpanwar@myhost ~]# sudo chown root:www-hosting /home/linuxexplore.com [rahulpanwar@myhost ~]# sudo chmod 755 /home/linuxexplore.com That’s all now create multiple users for web hosting, and offer the secure sftp access to your customers. Shell Script to Create Web Hosting Users: #!/bin/bash HOSTING_DIR="/etc/skel/public_html" CHROOT_GRP="www-hosting" USR_NAME="$1" [ ! -d "$HOSTING_DIR" ] && mkdir -p $HOSTING_DIR grep ^"${CHROOT_GRP}:" /etc/group || /usr/sbin/groupadd www-hosting grep ^"${USR_NAMEP}:" /etc/passwd || /usr/sbin/useradd -s /sbin/nologin -g $CHROO_GRP $USR_NAME chown root:$CHROOT_GRP /home/$USR_NAME chmod 755 /home/$USR_NAME Selinux Configuration: Disable the selinux permanently or configure it for read write user’s home directory in SSH chroot. [rahulpanwar@myhost ~]# sudo setsebool -P ssh_chroot_rw_homedirs on [rahulpanwar@myhost ~]# sudo restorecon -R /home/$USERNAME For more information, it might help. Chroot SFTP CentOS 6 [...]