SSH – OpenSSH SFTP chroot

chroot sftp ssh

I chrooted a user to the directory /var/www/upload using ChrootDirectory /var/www/upload in my /etc/ssh/sshd_config.

The permissions of all the files in /var/www/upload are 755 and the owner is root:upload_user.

However, I still cannot modify the files. (Getting a permission denied error.)
Is it possible if I create a subdirectory with ownership upload_user:upload_user?

Is it, by any means, possible to allow my chrooted user to write to his / directory?

Best Answer

Is it possible if I create a subdirectory?

Yes, it will be possible to modify the files if you create a subdirectory.

Is it, by any means, possible to allow my chrooted user to write to his home directory?

Using the home directory for chrooting users is highly discouraged (but you asked "by any means"):

Modify the OpenSSH source code and introduce a security breach:

Is there another way to restrict SFTP to a user's home directory? No, and I don't think one is necessary. If having to create a subdirectory (which users can automatically be cd'd to on sftp login) is so onerous then feel free to reintroduce CVE-2009-2904 by removing the checks in session.c:safely_chroot().
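The ownership rule behind this answer, as an added example (not code from the post or from OpenSSH): sshd accepts a ChrootDirectory only if every path component from / down is a root-owned directory that is not group- or other-writable, so uploads have to go into a user-owned subdirectory. The function names and the default path in the script are illustrative assumptions.

```python
import os
import stat

def component_problems(mode, uid, root_uid=0):
    """Reasons one path component would be rejected as part of a chroot path."""
    problems = []
    if not stat.S_ISDIR(mode):
        problems.append("not a directory")
    if uid != root_uid:
        problems.append(f"owned by uid {uid}, not root")
    if mode & 0o022:  # group-write or other-write bit set
        problems.append(f"group/other writable (mode {stat.S_IMODE(mode):04o})")
    return problems

def audit_chroot(path, root_uid=0):
    """Check every component from / down to path; return [(component, problem)]."""
    findings, current = [], "/"
    for part in [""] + [p for p in os.path.abspath(path).split("/") if p]:
        current = os.path.join(current, part)
        try:
            st = os.stat(current)  # follows symlinks, like stat(2)
        except OSError as exc:
            findings.append((current, f"cannot stat: {exc.strerror}"))
            break
        findings.extend((current, p) for p in
                        component_problems(st.st_mode, st.st_uid, root_uid))
    return findings

def writable_subdirs(chroot, user_uid):
    """Direct subdirectories the user owns and can write to (the upload area)."""
    names = []
    for entry in os.scandir(chroot):
        if entry.is_dir(follow_symlinks=False):
            st = entry.stat(follow_symlinks=False)
            if st.st_uid == user_uid and st.st_mode & stat.S_IWUSR:
                names.append(entry.name)
    return sorted(names)

if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "/var/www/upload"
    for component, problem in audit_chroot(target):
        print(f"{component}: {problem}")
```

An empty result from `audit_chroot` means the path passes these ownership and mode checks; `writable_subdirs` then shows whether the chrooted user has anywhere to upload.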