My hatred of plain FTP is well documented, but I needed to change the root directory of a new SFTP user to their home folder (/home/user) so they can’t navigate back to / on the server.
Do your usual create new user stuff:
mkdir /home/steveperry
useradd steveperry
chown root:steveperry /home/steveperry
chmod 755 /home/steveperry
Force the normal login directory just in case:
usermod -d /home/steveperry steveperry
Give the new user a dummy shell (so they don’t have real shell access):
usermod -s /bin/false steveperry
Now, steveperry should have read access to his home directory. Let’s give him a place to upload stuff:
mkdir /home/steveperry/jams
chown steveperry:steveperry /home/steveperry/jams
chmod 755 /home/steveperry/jams
In the file /etc/ssh/sshd_config comment out “Subsystem sftp /usr/lib/openssh/sftp-server” and add “Subsystem sftp internal-sftp”
# Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem sftp internal-sftp
Also in /etc/ssh/sshd_config, add the following lines at the end of the file to force steveperry to be jailed into his home directory.
Match User steveperry
ChrootDirectory /home/steveperry
ForceCommand internal-sftp
Done! Restart the ssh daemon (run this any time you want changes to become effective):
sudo /etc/init.d/ssh restart
(credit, most of this stolen from: http://www.ericstockwell.com/?p=54)
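sshd refuses a chrooted session unless every component of the ChrootDirectory path is owned by root and not writable by group or other, which is why the home directory above is chowned to root and only the jams subfolder belongs to the user. The script below is an added example, not part of the original post, that checks this before you restart sshd; it assumes Linux with GNU stat, and the function names and the check.sh filename are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check for an sshd ChrootDirectory.
# Assumes Linux with GNU stat; function names are hypothetical.

# check_dir DIR [UID]: succeed only if DIR is a directory owned by UID
# (default 0 = root) and not writable by group or other.
check_dir() {
    dir=$1
    want_uid=${2:-0}
    if [ ! -d "$dir" ]; then
        echo "FAIL $dir: not a directory"
        return 1
    fi
    uid=$(stat -L -c %u "$dir")
    mode=$(stat -L -c %a "$dir")
    if [ "$uid" -ne "$want_uid" ]; then
        echo "FAIL $dir: owner uid $uid, expected $want_uid"
        return 1
    fi
    # Leading 0 makes the shell read the mode as octal; 022 = g+w | o+w.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL $dir: mode $mode is group/other writable"
        return 1
    fi
    echo "ok   $dir ($uid, $mode)"
}

# check_chroot_path PATH [UID]: apply check_dir to PATH and every parent
# up to /, reporting all failures rather than stopping at the first.
check_chroot_path() {
    path=$1
    want=${2:-0}
    case $path in
        /*) ;;
        *) echo "FAIL $path: must be an absolute path"; return 1 ;;
    esac
    rc=0
    cur=$path
    while :; do
        check_dir "$cur" "$want" || rc=1
        [ "$cur" = "/" ] && break
        cur=$(dirname "$cur")
    done
    return $rc
}

# Example: sh check.sh /home/steveperry
if [ $# -gt 0 ]; then check_chroot_path "$@"; fi
```

Running sshd -t before the restart additionally tests sshd_config for syntax errors, so a typo in the Match block does not take the daemon down.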