Writable SFTP Chroot Jail?

Discussion in 'Server Operation' started by danieljdoughty, May 7, 2009.

  1. danieljdoughty

    danieljdoughty New Member

    I've been going round and round with this for a few days. If I use the openssh chroot jail that most people have HOWTOs for then everything is fast and straightforward on Ubuntu 9.x+ but then the user is unable to use the put command to write files. I thought I was alone in this until I ran into others online who'd had the same problem. I'm referring to this form of SFTP chroot jails: http://www.howtoforge.com/chrooted-ssh-sftp-tutorial-debian-lenny

    I also have set up a server with RHEL5 and rssh which will give me a writable SFTP only configuration, but it's certainly not a jail as the user can cd all over the filesystem. And it's not like I can set / to 750 or something along those lines. Not to mention, clients get a little miffed when they realize that others can see their filenames and timestamps. In this case, I'm referring to a server set up along these lines: http://cybervault.blogspot.com/2008/04/restrict-users-to-scp-and-sftp-and.html

    I am not restricted by what version of OS I run beyond the fact that it needs to be able to live on vmware. And I really am pretty agnostic to approaches to this, especially now that I've wasted a full 30 hours on the project with really nothing to show for it. Basically, this is an ISP sort of configuration. I will have multiple users SFTPing and possibly SCPing (not necessary, but would be nice) and they need to be jailed to the home directory. By jailed, I mean that the user's sftp request would land them in /ftphome/bob and they can not cd to /ftphome or to /, etc. And I need to have it answer on the default port of 22.

    Perhaps I'm missing something very simple, but the more I talk to people I've worked with for years I'm coming to realize that most people just use these configurations and don't really set them up. Heck, I even tried loading freenas (a tiny linux distro that's not really meant for this sort of thing, but was willing to try anything).

    Thanks for the advice ahead of time. This is my first post here, but I've used a few of the HOWTOs in the past.
     
  2. falko

    falko Super Moderator Howtoforge Staff

    When I tried the tutorial on Debian Lenny, users could upload files just fine. Maybe it's a problem with AppArmor - did you disable it?
     
  3. danieljdoughty

    danieljdoughty New Member

    I used the debian instructions on Ubuntu and wasn't aware of AppArmor. It appears that AppArmor is similar to selinux on RHEL. Did you use the howto on debian or on Ubuntu? And how did you disable the AppArmor?

    I think I destroyed my ubuntu vmware box I created, but I can always build another one.
     
  4. danieljdoughty

    danieljdoughty New Member

    Everette,

    Your description of scponly is exactly how rssh works but unfortunately rssh doesn't prevent people from moving around the filesystem. Do you have a known build doc/HOWTO that implements scponly in a manner that actually jails the user?

    Thanks,
    Dan
     
    Last edited: May 9, 2009
  5. trcinc1

    trcinc1 New Member HowtoForge Supporter

    I had the same issue - I could not upload to /home. If I changed the owner/group or permissions, I could not log in via filezilla or CLI. My solution was: Made a dir under /home -- /home/upload - gave rw to user and all is fine.
     
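The behaviour trcinc1 describes (uploads fail into the jail root, and loosening its owner or permissions breaks the login entirely) follows from OpenSSH's rule for ChrootDirectory: every component of the path must be a root-owned directory that is not writable by group or others, so the jail root itself can never be the user's upload target. The working layout is a root-owned jail with a user-owned subdirectory inside it. The following is an added example, not code from this thread or from the OpenSSH project: it prints the sshd_config Match block for such a jail and audits a chroot path against that rule, and it builds a throwaway jail in a temporary directory so the check can be run without root. The group name `sftponly`, the `/ftphome/%u` path and the `upload` subdirectory are assumptions for illustration; the `root_uid` parameter exists only so the check can be exercised on a tree owned by an unprivileged user.

```python
"""Audit helper for the OpenSSH ChrootDirectory ownership rule.

Added example (not from the thread or from OpenSSH). sshd refuses to chroot
unless every directory from / down to the chroot is owned by root and not
group- or world-writable, which is why a user cannot `put` straight into the
jail root. The fix is a root-owned jail root plus a user-owned subdirectory.
"""
import os
import shutil
import stat
import tempfile


def sshd_match_block(group="sftponly", chroot="/ftphome/%u"):
    """Return an sshd_config Match block that confines a group to internal-sftp.

    Group name and path are assumed values for the example.
    """
    return "\n".join([
        f"Match Group {group}",
        f"    ChrootDirectory {chroot}",
        "    ForceCommand internal-sftp",
        "    AllowTcpForwarding no",
        "    X11Forwarding no",
    ])


def chroot_path_problems(chroot, top=os.sep, root_uid=0):
    """List (path, reason) pairs for components of `chroot` sshd would reject.

    Walks from `chroot` upward to and including `top` (default: /), checking
    each component for root ownership and the absence of group/world write
    bits. An empty list means sshd would accept the chroot. `top` and
    `root_uid` are only there so a test tree under /tmp can be checked by a
    non-root user; in production leave both at their defaults.
    """
    problems = []
    path = os.path.abspath(chroot)
    top = os.path.abspath(top)
    while True:
        st = os.lstat(path)
        if not stat.S_ISDIR(st.st_mode):
            problems.append((path, "not a directory"))
        if st.st_uid != root_uid:
            problems.append((path, f"owned by uid {st.st_uid}, not {root_uid}"))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append((path, "group- or world-writable"))
        if path in (top, os.sep):
            break
        path = os.path.dirname(path)
    return problems


def make_writable_jail(chroot, subdir, owner_uid, owner_gid, root_uid=0):
    """Create a root-owned 0755 jail root with a user-owned subdirectory.

    This is the /home/upload pattern: the jail root stays unwritable for the
    user, the subdirectory is where `put` succeeds. Returns the subdirectory.
    """
    os.makedirs(chroot, mode=0o755, exist_ok=True)
    os.chmod(chroot, 0o755)             # makedirs honours umask; force the mode
    os.chown(chroot, root_uid, -1)      # jail root must belong to root
    upload = os.path.join(chroot, subdir)
    os.makedirs(upload, mode=0o755, exist_ok=True)
    os.chmod(upload, 0o755)
    os.chown(upload, owner_uid, owner_gid)  # user-owned, so the user can write
    return upload


def demo():
    """Build a jail under a temp dir (current uid stands in for root), run the
    audit, then repeat the classic mistake of making the jail root writable."""
    base = tempfile.mkdtemp()           # constructed scratch tree, removed below
    me, my_gid = os.getuid(), os.getgid()
    jail = os.path.join(base, "bob")
    try:
        upload = make_writable_jail(jail, "upload", me, my_gid, root_uid=me)
        before = chroot_path_problems(jail, top=base, root_uid=me)
        os.chmod(jail, 0o775)           # "fix" that makes sshd reject the login
        after = chroot_path_problems(jail, top=base, root_uid=me)
        return {
            "before": before,
            "after": after,
            "upload_writable": os.access(upload, os.W_OK),
        }
    finally:
        shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    print(sshd_match_block())
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run it as-is to see the audit pass on the correct layout and fail once the jail root is made group-writable; to audit a real jail, call `chroot_path_problems("/ftphome/bob")` with the defaults, which checks every component up to `/` against uid 0.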