  1. #1
    Just Joined!
    Join Date
    May 2009
    Location
    Illinois
    Posts
    9

    Linux Rights - SFTP Chrooted users shouldn't see folders


    Is there a way to make users unable to see other user directories under the same chrooted directory?

    Users are connecting to SFTP running sshd and are chrooted by the Match Group function.

    Example:

    Code:
    Match Group testgroup
            ChrootDirectory /home/SFTP/testgroup
            ForceCommand internal-sftp
            AllowTcpForwarding no
    Each user has their own folder underneath the directory 'testgroup' and they have rights only to their folder.

    The problem I have is that all users can see the other users' directories. The other users cannot access/view any directory except their own; however, they can see the other folder titles.
    Is there a way to change this to where when they are chrooted in this directory, that they can only see their own folder, and any 777 folder?

    I know that I can change the ChrootDirectory to:
    Code:
    ChrootDirectory /home/SFTP/testgroup/%u
    but then the user would not be able to get the public folder.

  2. #2
    Trusted Penguin
    Join Date
    May 2011
    Posts
    4,353
    If you configured the ChrootDirectory to be user-specific (e.g. ChrootDirectory /home/SFTP/testgroup/%u), you could use a bind mount to grant users access to a shared group dir, e.g.:
    Code:
    # make a dir to be shared
    install -d -g testgroup -m 0775 /home/SFTP/testgroup/pubdir/
    
    # make a mount point, per user
    install -d -o user1 -g testgroup -m 0755 /home/SFTP/testgroup/user1/groupdir/
    install -d -o user2 -g testgroup -m 0755 /home/SFTP/testgroup/user2/groupdir/
    
    # bind mount the group dir to the mount point in each user's chrooted dir
    mount --bind /home/SFTP/testgroup/pubdir /home/SFTP/testgroup/user1/groupdir
    mount --bind /home/SFTP/testgroup/pubdir /home/SFTP/testgroup/user2/groupdir
    man mount for more details on bind.
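
An added example, not part of the original posts: with a per-user `ChrootDirectory`, sshd refuses the session unless every component of the chroot path is a root-owned directory that is not writable by group or others, and mounts made with `mount --bind` do not survive a reboot. The sketch below audits the layout from the thread and prints the `/etc/fstab` lines that would recreate the bind mounts; the function names are hypothetical and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example: audit a per-user SFTP chroot layout and emit fstab bind entries.
# BASE and PUBDIR mirror the paths used in the thread; function names are hypothetical.
BASE=/home/SFTP/testgroup
PUBDIR=$BASE/pubdir

# Succeeds if $1 is a directory owned by uid $2 (default 0) with no
# group/other write bit, which is what sshd demands of chroot components.
# Assumes GNU stat (-c FORMAT).
component_ok() {
    dir=$1; want_uid=${2:-0}
    [ -d "$dir" ] || return 1
    [ "$(stat -c %u "$dir")" = "$want_uid" ] || return 1
    case $(stat -c %A "$dir") in
        ?????w*|????????w*) return 1 ;;   # group-write or other-write set
    esac
    return 0
}

# Walks from the chroot directory up to / and reports every failing component.
chroot_path_ok() {
    p=$1; rc=0
    while :; do
        component_ok "$p" 0 || { echo "bad component: $p" >&2; rc=1; }
        [ "$p" = / ] && break
        p=$(dirname "$p")
    done
    return $rc
}

# Prints the /etc/fstab line that recreates one user's bind mount at boot.
fstab_line() {
    printf '%s %s/%s/groupdir none bind 0 0\n' "$PUBDIR" "$BASE" "$1"
}

# Audits each named user's chroot path and prints the fstab lines for review.
audit_users() {
    status=0
    for u in "$@"; do
        chroot_path_ok "$BASE/$u" || status=1
        fstab_line "$u"
    done
    return $status
}

# Usage (as root): audit_users user1 user2
```

A failing component here usually means the user's chroot directory itself was created owned by the user; it has to be owned by root, with only subdirectories such as `groupdir` owned by or writable for the user.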

  3. #3
    Just Joined!
    Join Date
    May 2009
    Location
    Illinois
    Posts
    9
    Quote: Originally Posted by atreyu
    Code:
    # make a dir to be shared
    install -d -g testgroup -m 0775 /home/SFTP/testgroup/pubdir/
    
    # make a mount point, per user
    install -d -o user1 -g testgroup -m 0755 /home/SFTP/testgroup/user1/groupdir/
    install -d -o user2 -g testgroup -m 0755 /home/SFTP/testgroup/user2/groupdir/
    
    # bind mount the group dir to the mount point in each user's chrooted dir
    mount --bind /home/SFTP/testgroup/pubdir /home/SFTP/testgroup/user1/groupdir
    mount --bind /home/SFTP/testgroup/pubdir /home/SFTP/testgroup/user2/groupdir
    Awesome! Exactly what I was looking for, and it worked great!
