Centos – sftp login issue with chroot

Tags: centos, chroot, ftp, sftp

I want to be able to create a structure for hosting multiple sites. I want the user files to reside inside /var/www/sites/domain.com and the sftp access to be restricted with chroot.

I've followed some examples on how to set this up, and this is what I've done so far:

Added a new user, set the home directory and group:

useradd foobar -d /var/www/sites/foobar.com -g sftp

Inside /etc/ssh/sshd_config I've added:

Match Group sftp
    X11Forwarding no
    ChrootDirectory %h
    AllowTcpForwarding no
    ForceCommand internal-sftp

and restarted the service

I've configured /etc/vsftpd/vsftpd.conf to include the following changes:

anonymous_enable=NO

local_enable=YES

chroot_local_user=YES

and restarted vsftpd

I've set ownership of /var/www/sites to root and /var/www/sites/foobar.com to foobar

But when I try to connect via sftp using filezilla I get this:

Error:  Authentication failed.
Error:  Critical error: Could not connect to server

The username and password given to filezilla are correct, of course.

What am I missing?

Best Answer

internal-sftp requires the chrooted user's home to reside inside a root-owned dir:

/some/path/root-owned/user-dir1

The root-owned dir should have 555 permissions, and the user dirs should be created by root and owned by the specific user. Inside the subdirs the user can do anything, but he can't delete or rename them.

In your case the good approach is the following:

/var/www/sites/foobar.com/data
                         /logs

The user's home is /var/www/sites/foobar.com/

var, www, sites and foobar.com should be root-owned. Also, foobar.com should have 555 permissions. The data and logs subdirs should be owned by the user, and their permissions should be broad enough to allow httpd to access them.