I have my sftp users chrooted into /var/www and I would like for them to be automatically moved into their directory. I found this answer which helped me a lot: Chroot SFTP – Possible to allow user to write to current (chroot) directory. But I want to move the user into his or her home directory (which is not the same as the user's name) instead (which is a sub-directory of /var/www). I tried:
    Match Group sftpusers
        X11Forwarding no
        AllowTcpForwarding no
        ChrootDirectory /var/www
        ForceCommand internal-sftp -d %h
But I get: fatal: percent_expand: unknown key %h [postauth].
EDIT: I found that %d is the user directory, but it doesn't seem to work because it is looking for it based on /var/www.
Best Answer
As I understand it, the problem you're facing is that the internal-sftp call is happening after the chroot is in place, thus the %h (as well as the attempted %d) is being expanded within the chroot. Even though your users live in /var/www/$USERNAME, using %d will naturally instruct internal-sftp to run out of /var/www/var/www/$USERNAME. %u should work around this issue:

    Match Group sftpusers
        X11Forwarding no
        AllowTcpForwarding no
        ChrootDirectory /var/www
        ForceCommand internal-sftp -d /%u

This will tell internal-sftp to run out of a directory called /$USERNAME. Since this call is happening after the chroot is established, it should dereference to /var/www/$USERNAME outside of the chroot.

As discussed in the comments, since your usernames and homedir names are divergent, a workaround would be to use the above config, then create a /var/www/USERNAME for each user and bind mount /var/www/USERNAME to /var/www/CURRENT_HOMEDIR_NAME, like so (the directory that already holds the content is the mount source, the new empty one is the mount point):

    mkdir /var/www/USERNAME; mount -o bind /var/www/CURRENT_HOMEDIR_NAME /var/www/USERNAME

Now you'll have two directories under /var/www for each username, but one will simply point to the other. internal-sftp will then work as expected, and whatever you have that needs to access the homedirs as /var/www/CURRENT_NAME won't break.
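The following script is an added example, not code from the question or the answer above. It models how internal-sftp resolves its -d argument once ChrootDirectory has taken effect (sftp-server expands only %u and %d, and does so inside the already-chrooted process), prints the Match block and the bind-mount plan described in the answer, and adds the check a practitioner wants before trying this: sshd refuses to chroot unless the ChrootDirectory and every path component above it are root-owned and not writable by group or others. The group name sftpusers, the username alice and the directory name site-foo are constructed for illustration; check_chroot_path relies on GNU stat.

```sh
#!/bin/sh
# Added example (not from the question or the answer). Names below are
# constructed: group "sftpusers", user "alice", existing homedir "site-foo".

# sftp-server(8) expands only %u (username) and %d (home directory from the
# passwd entry) in its -d argument, and it does so after sshd has chroot()ed
# and chdir("/")ed, so the kernel resolves the result relative to CHROOT.
# Usage: resolve_start_dir CHROOT DARG USER HOMEDIR
resolve_start_dir() {
    sd_expanded=$(printf '%s' "$2" | sed -e "s|%u|$3|g" -e "s|%d|$4|g")
    case $sd_expanded in
        /*) printf '%s\n' "$1$sd_expanded" ;;   # absolute: rooted at the chroot
        *)  printf '%s\n' "$1/$sd_expanded" ;;  # relative: from the chroot root
    esac
}

# The Match block with the fix from the answer: -d /%u is a path inside the
# chroot, which is CHROOT/USER on the real filesystem.
# Usage: sftp_match_block GROUP CHROOT
sftp_match_block() {
    printf 'Match Group %s\n' "$1"
    printf '    ChrootDirectory %s\n' "$2"
    printf '    ForceCommand internal-sftp -d /%%u\n'
    printf '    X11Forwarding no\n'
    printf '    AllowTcpForwarding no\n'
}

# When the existing directory under CHROOT is not named after the user, make
# CHROOT/USER a bind mount of it. The directory that already holds the content
# is the source; the freshly created CHROOT/USER is the mount point. Prints
# the commands to run plus an fstab line so the mount survives a reboot.
# Usage: bind_mount_plan CHROOT USER EXISTING_NAME
bind_mount_plan() {
    printf 'mkdir -p %s/%s\n' "$1" "$2"
    printf 'mount --bind %s/%s %s/%s\n' "$1" "$3" "$1" "$2"
    printf '%s/%s %s/%s none bind 0 0\n' "$1" "$3" "$1" "$2"
}

# sshd requires ChrootDirectory and every component above it to be owned by
# root and not writable by group or others; otherwise the login is rejected
# with "bad ownership or modes for chroot directory". Pure check on a numeric
# uid and an octal mode string as printed by "stat -c %a". Returns 0 if OK.
chroot_component_ok() {
    [ "$1" = 0 ] || return 1
    case $2 in
        *[2367][0-7]|*[0-7][2367]) return 1 ;;  # group or other has the write bit
    esac
    return 0
}

# Walk from DIR up to / and apply chroot_component_ok to each component.
# Usage: check_chroot_path DIR   (e.g. check_chroot_path /var/www)
check_chroot_path() {
    cp_dir=$1
    while :; do
        chroot_component_ok "$(stat -c %u "$cp_dir")" "$(stat -c %a "$cp_dir")" \
            || { echo "unsuitable for ChrootDirectory: $cp_dir" >&2; return 1; }
        [ "$cp_dir" = / ] && return 0
        cp_dir=$(dirname "$cp_dir")
    done
}

# Demo: alice's passwd home is /var/www/site-foo, which is not /var/www/alice.
resolve_start_dir /var/www %d  alice /var/www/site-foo  # /var/www/var/www/site-foo: the path from the question's EDIT
resolve_start_dir /var/www /%u alice /var/www/site-foo  # /var/www/alice: reachable via the bind mount below
sftp_match_block sftpusers /var/www
bind_mount_plan /var/www alice site-foo
```

The two resolve_start_dir calls reproduce the answer's point: with %d the start directory picks up the chroot prefix twice, with /%u it lands on /var/www/alice. Run check_chroot_path on the real ChrootDirectory before restarting sshd; a group-writable /var/www is the usual reason the Match block "does nothing".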