Tuesday 5 January 2016

How to configure shared directory with chrooted SFTP

What:

Linux - Red Hat 6, CentOS 6

Problem:

Two chrooted users need to share documents via an SFTP server.

Solution:

Edit /etc/ssh/sshd_config.

Find the "Subsystem" line and comment it out:
#Subsystem      sftp    /usr/libexec/openssh/sftp-server
Add the following:
Subsystem sftp internal-sftp
Match Group sftponly
X11Forwarding no
AllowTcpForwarding no
ChrootDirectory /home/%u/sftp_jail
ForceCommand internal-sftp -u 002
Match Group - the settings that follow apply only to users in the sftponly group
ChrootDirectory - sets the user's root directory (%u expands to the user name)
ForceCommand - allows only SFTP sessions, no shell; the umask (-u 002) makes new files and directories group-writable so the other user can modify them

Add the sftponly group:
groupadd sftponly
Add a user whose primary group is sftponly and who gets no shell:
useradd test -g sftponly -s /bin/false
Set the permissions on the directories (sshd refuses the chroot unless the jail and every directory above it are owned by root and writable only by root; the shared directory is group-writable so both users can write to it):
mkdir -p /home/test/sftp_jail/shared
chown root:sftponly /home/test /home/test/sftp_jail /home/test/sftp_jail/shared
chmod 750 /home/test /home/test/sftp_jail
chmod 775 /home/test/sftp_jail/shared
Add another user called test2 following the same steps and set its permissions the same way.

Bind-mount the shared directory into the second user's jail:
mount --bind /home/test/sftp_jail/shared /home/test2/sftp_jail/shared
Add it to /etc/fstab so it survives a reboot:
/home/test/sftp_jail/shared  /home/test2/sftp_jail/shared  none  bind  0 0

Restart the SSH daemon:
service sshd restart
P.S. Don't forget to configure SELinux.
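As an added example (not from the original post), a small POSIX sh check for the layout above: the jail and its parent must be root-owned and not group/other-writable or sshd refuses the login, while the shared directory must be group-writable for the sftponly group. It assumes GNU stat (as on Red Hat/CentOS); the function names are mine.

```sh
#!/bin/sh
# Added example (not from the original post): check the permission layout the
# post sets up. sshd refuses a ChrootDirectory unless the jail and its parent
# are owned by root and writable only by the owner; the shared subdirectory
# must instead be group-writable so both sftponly users can drop files there.
# Assumes GNU stat (as on Red Hat/CentOS). Function names are my own.
# Usage on a real box: check_sftp_jail /home/test/sftp_jail shared root
check_sftp_jail() {
    jail=$1; shared=$2; owner=$3; rc=0
    for d in "$(dirname "$jail")" "$jail"; do
        o=$(stat -c %U "$d") || return 2      # owner name
        m=$(stat -c %a "$d") || return 2      # octal mode, e.g. 750
        [ "$o" = "$owner" ] || { echo "BAD owner $o on $d (want $owner)"; rc=1; }
        # Any group/other write bit (mask 022) makes sshd reject the chroot.
        if [ $(( 0$m & 022 )) -ne 0 ]; then
            echo "BAD mode $m on $d: group/other writable"; rc=1
        fi
    done
    s=$jail/$shared
    m=$(stat -c %a "$s") || return 2
    # Without the group write bit (020) the second user cannot create files.
    if [ $(( 0$m & 020 )) -eq 0 ]; then
        echo "BAD mode $m on $s: not group-writable"; rc=1
    fi
    [ $rc -eq 0 ] && echo "OK: $jail is a valid chroot with writable $shared"
    return $rc
}

# Constructed fixture mirroring the post's layout under a temp dir, so the
# check can be exercised without root (the owner is the current user here).
make_fixture() {
    base=$(mktemp -d)
    mkdir -p "$base/home/test/sftp_jail/shared"
    chmod 750 "$base/home/test" "$base/home/test/sftp_jail"
    chmod 775 "$base/home/test/sftp_jail/shared"
    printf '%s\n' "$base/home/test/sftp_jail"
}

# Demo: the post's layout passes; loosening the jail to 775 makes it fail.
demo_jail=$(make_fixture)
check_sftp_jail "$demo_jail" shared "$(id -un)"
chmod 775 "$demo_jail"
check_sftp_jail "$demo_jail" shared "$(id -un)" || echo "rejected as expected"
```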

You might also consider vsftpd, which also supports FTPS and is quite easy to set up.

