0

Possible Duplicate:
How can I chroot ssh connections?

I want to jail a particular user into a directory (so they can sftp and ssh) using chroot on Debian. How can I do this?

The man page says

```
Usage: chroot [OPTION] NEWROOT [COMMAND [ARG]...]
  or:  chroot OPTION
Run COMMAND with root directory set to NEWROOT.

  --userspec=USER:GROUP  specify user and group (ID or name) to use
  --groups=G_LIST        specify supplementary groups as g1,g2,..,gN
      --help     display this help and exit
      --version  output version information and exit
```

I want to jail user "smart" into `/home/servers/smart`, but when I type `chroot --userspec=1001 /home/servers/smart`, it says `chroot: failed to run command '/bin/bash': No such file or directory`

I've googled my brains out and I can't find a single tutorial on the built-in chroot command.

dukevin
  • AFAIK if you want to allow user to ssh into that directory you will need at least minimal chroot environment including bash and its dependencies you can find using `ldd /bin/bash` – Hrvoje Špoljar Oct 08 '12 at 10:43
  • If you are using a sufficiently new version of sshd then the second answer in the dupe will help you. – user9517 Oct 08 '12 at 10:51

1 Answer

1

This is basically a duplicate of: How can I chroot ssh connections?

A chroot does not apply per user, but per process. -- So it has to be called/activated by the sshd or the user's login shell.

Limiting an SFTP login is quite simple in newer OpenSSH versions. For interactive shell logins it is always more difficult, because all allowed programs have to be accessible inside the jail.

mschuett
  • Thanks. Can you point or show how to set up a jailed ftp directory? – dukevin Oct 08 '12 at 10:51
  • With sshd's `internal-sftp` and `ChrootDirectory` config options. -- See http://undeadly.org/cgi?action=article&sid=20080220110039 or http://it.toolbox.com/blogs/unix-sysadmin/more-openssh-fun-easy-chrooting-sftpscp-connections-28473 – mschuett Oct 08 '12 at 11:00
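
The `internal-sftp` and `ChrootDirectory` setup named in the comment above, as an added example that is not part of the original answer. sshd refuses a chroot unless every component of the path is owned by root and not writable by group or others, so the script checks that before printing the `Match` stanza. The user `smart` and `/home/servers/smart` come from the question; the function names and the optional UID argument (there so the check can be exercised without root) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the answerer's code. Function names are hypothetical.

# component_ok DIR UID: true if DIR is a directory owned by UID and not
# writable by group or others (sshd demands this of each chroot path component).
component_ok() {
    [ -d "$1" ] || return 1
    owner=$(stat -c '%u' "$1") || return 1
    mode=$(stat -c '%a' "$1") || return 1
    [ "$owner" = "$2" ] || return 1
    case "$mode" in
        *[2367]?|*[2367]) return 1 ;;   # write bit set for group or others
    esac
    return 0
}

# check_chroot_path DIR [UID]: walk from DIR up to /, checking every component.
# UID defaults to 0 (root), which is what sshd requires.
check_chroot_path() {
    dir=$(cd "$1" 2>/dev/null && pwd -P) || return 1
    uid=${2:-0}
    while :; do
        component_ok "$dir" "$uid" || { echo "bad ownership or mode: $dir" >&2; return 1; }
        [ "$dir" = "/" ] && return 0
        dir=$(dirname "$dir")
    done
}

# sftp_match_block USER DIR: print the sshd_config stanza for an SFTP-only jail.
sftp_match_block() {
    cat <<EOF
Match User $1
    ChrootDirectory $2
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
EOF
}

# Typical use as root on the server (not run here):
#   check_chroot_path /home/servers/smart && sftp_match_block smart /home/servers/smart
# Append the stanza to /etc/ssh/sshd_config, validate with `sshd -t`, reload sshd.
```

Because the chroot directory itself cannot be writable by the jailed user, uploads need a subdirectory inside it that the user owns.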