How to prevent a user from viewing the entire file-system?

2

I've set up SFTP/SSH so that a user can only put to their home directory; however, they can still cd to all other directories and get files that they see.

How can I prevent this?

EDIT:

My sshd_config: http://pastebin.com/jk7TCRZr

I've managed to lock to /var/www, but they can still view other users' folders.

EDIT 2:

Errm..... I just realized what I did wrong ... Ha ha

On another note, how could I make the public_html folder the folder that Apache tries to load data from?

David Harris

Posted 2012-12-28T12:27:41.597

Reputation: 121

Answers

0

You should configure sftp chroot.

Nickolay Olshevsky

Posted 2012-12-28T12:27:41.597

Reputation: 136

That's what I've been trying to do for a while now. Check the OP, just updated with a link to my config. – None – 2012-12-28T12:43:35.393

Here's a link to show how this "chroot" thing works: http://www.thegeekstuff.com/2012/03/chroot-sftp-setup/ – None – 2012-12-28T13:03:20.250

0

Or you can do it with tools like http://olivier.sessink.nl/jailkit/

java_xof

Posted 2012-12-28T12:27:41.597

Reputation:

0

Fixed.

I did the following (I probably shouldn't have, but it worked for me. That's all I want):

Match user myUser
    ChrootDirectory /var/www/myUser
    ForceCommand internal-sftp
    AllowTcpForwarding no
    GatewayPorts no
    X11Forwarding no

In /var/www/myUser, I created the dir public_html. After that, I enabled the userdir apache mod, like this:

sudo a2enmod userdir
sudo service apache2 restart

And everything just... Works!

(Of course, this has the obvious downside that we now have to prepend usernames with a tilde.)

David Harris

Posted 2012-12-28T12:27:41.597

Reputation: 121
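
Added example, not part of any answer above: a pre-flight check for the `ChrootDirectory` used in the accepted fix. sshd_config(5) requires every component of that path to be a root-owned directory that is not writable by group or others; the function names and the script name here are hypothetical, and `/var/www/myUser` is the path from the answer.

```shell
#!/bin/sh
# Added example (not from the thread): audit a ChrootDirectory path.
# Rule from sshd_config(5): every path component must be a root-owned
# directory that is not writable by group or others.

# component_ok PERMS UID: judge one `ls -ldn` perms string and numeric owner.
component_ok() {
    perms=$1 uid=$2
    case $perms in
        d*) ;;
        *)  return 1 ;;                  # not a directory
    esac
    [ "$uid" = "0" ] || return 1         # not owned by root
    case $perms in
        d????w*|d???????w*) return 1 ;;  # group- or world-writable
    esac
    return 0
}

# check_chroot_path DIR: test DIR and every parent up to /, print each
# offending component, return 0 only if all of them pass.
check_chroot_path() {
    path=$1 rc=0
    case $path in
        /*) ;;
        *)  echo "need an absolute path: $path" >&2; return 2 ;;
    esac
    while :; do
        # ls -ldn fields: perms, link count, numeric uid, numeric gid, ...
        set -- $(ls -ldn "$path" 2>/dev/null)
        if [ $# -lt 3 ]; then
            echo "MISSING $path"; rc=1
        elif ! component_ok "$1" "$3"; then
            echo "BAD     $path ($1 uid=$3)"; rc=1
        fi
        [ "$path" = "/" ] && break
        path=$(dirname "$path")
    done
    return $rc
}

# Usage: sh check_chroot.sh /var/www/myUser   (script name is hypothetical)
if [ $# -gt 0 ]; then check_chroot_path "$1"; fi
```

A `BAD` line for the chroot directory itself means sshd will refuse the session after authentication, which is why the user's writable area has to be a subdirectory such as `public_html` rather than the chroot root.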