Comments on: sftp chroot jail in Ubuntu

By: fourstar

fourstar — Wed, 16 Mar 2011 22:13:09 +0000

Hi Jim -- did you already discover the ChrootDirectory configuration directive in newer versions of OpenSSH? If you have even a relatively recent version of Ubuntu, you'll be golden.

By: Jim

Jim — Sat, 05 Mar 2011 00:05:27 +0000

Sorry, I meant to type: went to the /var/www/myaudiolisting/ folder to reset permissions back to webdev

By: Jim

Jim — Sat, 05 Mar 2011 00:02:54 +0000

here is my exact steps:

gzip -dc /usr/share/doc/scponly/setup_chroot/setup_chroot.sh.gz > /tmp/setup_chroot.sh
cp /usr/share/doc/scponly/setup_chroot/config.h /tmp
chmod +x /tmp/setup_chroot.sh
cd /tmp
sudo ./setup_chroot.sh

-e
sudo adduser webdev www-data
sudo find . \! -user root -exec chgrp www-data \{\} \;
sudo find . \! -user root -exec chmod g+w \{\} \;
cd /var/www/myaudiolisting/lib
sudo cp /lib/libnss_files* /var/www/myaudiolisting/lib

Then after this, I opened up another terminal window and did sudo nautilus and went to the /var/www/home/ folder and checked on the permissions and I changed it to webdev for user and webdev for group as it was set to root/root.

By: Jim

Jim — Sat, 05 Mar 2011 00:00:57 +0000

I did exactly as instructed here and even read all of the issues replies and everything seemed to have gone well.

After I created the account I noticed that the permissions for the folder I want the user to have access to was set to ‘root’ so I changed it to the [new user] account and [new group]. After this was done, I am getting error when I ftp in with: Connection closed by server with exitcode 1

I was told by someone that when I deleted the old Null account with the [user] to start over it revereted back to ‘root’ and so it never created the [new user] or something to that efect. Am I missing a step?

By: fourstar

fourstar — Tue, 08 Feb 2011 22:58:05 +0000

Cool, thanks xplicit. I updated the instructions to reflect your experience.

By: xplicit

xplicit — Tue, 08 Feb 2011 08:16:24 +0000

Little fix:

In Ubuntu 10.04
instead of
sudo /tmp/setup_chroot.sh

you should use
cd /tmp
sudo ./setup_chroot.sh

or you will get an error
“your scponly build is not configured for chrooted operation.
please reconfigure as follows, then rebuild and reinstall”

That was about Luke wrote above.

By: Luke Pearce

Luke Pearce — Mon, 06 Dec 2010 21:59:49 +0000

Just to add in Ubuntu 10.04 I still had connection issues until I copied the libnss_files into the individual scponly users lib directory:

[from the /home/scponly user directory]
cp /lib/libnss_files* ./lib

There’s also some good info here:

http://ubuntuforums.org/showthread.php?t=451510

Like setting it up so sftp starts in the incoming directory so the user doesn’t have the chroot directories cluttering up their space.

By: fourstar

fourstar — Mon, 06 Dec 2010 18:20:37 +0000

Thanks Luke — I updated the post to reflect your experience, since it might be helpful for someone!

Forest

By: Luke Pearce

Luke Pearce — Mon, 06 Dec 2010 14:05:04 +0000

Thanks for this – really useful.

As a little note I found a couple of minors with the setup_chroot.sh:

1) setup_chroot.sh needed to be executable: chmod +x setup_chroot.sh

2) And it complained about not being a chroot setup unless you copied over the config.h found in the same directory: cp /usr/share/doc/scponly/setup_chroot/config.h /tmp

Cheers
Luke