JonMcCain.Net

How to set up users on Linux with ssh and sftp access but only access to their home folders.

Ssh is a great way to access a Linux system. But I never liked the idea that a user could see other parts of the file system (folder names and file names) even though they couldn't view or change actual files provided their permissions were correct. Chroot lets you tie a user to a folder, but it's complex because you have to create a self-contained environment with the base files, base commands and libraries. A script named make_chroot_jail.sh, written by Wolfgang Fuschlberger, takes care of this. Go to his web page www.fuschlberger.net to get it. It takes all the pain out of this as you just pass it a username and it creates the user, sets permissions and creates the whole environment.

# make_chroot_jail.sh user2

And when you no longer need that user, it's easy to get rid of them. Just the standard userdel does everything needed.

# userdel -r user2

But somewhere along the line it stopped working with Debian. I figured out how to fix it and made a patch you can apply to the original make_chroot_jail.sh to get a version that works with Debian 8 (aka Jessie) and Debian 9 (aka Stretch).

So download the patch make_chroot_jail_jessie.patch and apply it. Note that this is meant to be applied to the RELEASE 2008-04-26 version.

# patch -i make_chroot_jail_jessie.patch -o make_chroot_jail_jessie.sh
# chmod 755 make_chroot_jail_jessie.sh

If you don't want to apply the patch yourself, here is the patched version.

make_chroot_jail_jessie.sh

It works exactly the same as before.

# make_chroot_jail_jessie.sh user2
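
Because a chroot jail has to carry its own copy of every command and library, a quick completeness check after creating one is to list the libraries each jailed binary needs and confirm they exist inside the jail. This is an added example, not part of make_chroot_jail.sh or the patch; the function name and the jail path argument are assumptions.

```shell
#!/bin/sh
# Added example: report shared libraries that binaries inside a chroot
# jail depend on but that are missing from the jail tree.
#
# Usage after sourcing this file (the path is a placeholder):
#   jail_missing_libs /path/to/jail
#
# Caveat: ldd can run the dynamic loader on the file it inspects, so only
# point this at jails whose binaries were installed by root from the host.

# jail_missing_libs JAIL_DIR
# Prints one "binary: library" line per missing dependency.
# Returns 0 when every resolved library exists in the jail, 1 otherwise.
jail_missing_libs() {
    jail=${1%/}          # drop a trailing slash so path joins stay clean
    status=0
    for bin in "$jail"/bin/* "$jail"/usr/bin/*; do
        # Skip unmatched globs, directories and non-executables.
        [ -f "$bin" ] && [ -x "$bin" ] || continue
        # ldd prints lines such as
        #   libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x...)
        #   /lib64/ld-linux-x86-64.so.2 (0x...)
        # Keep the first absolute path on each line; lines without one
        # (linux-vdso, "not a dynamic executable") are ignored.
        for lib in $(ldd "$bin" 2>/dev/null |
            awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) { print $i; break } }'); do
            # The jailed process sees $jail as /, so the library must
            # exist at the same path underneath the jail directory.
            if [ ! -e "$jail$lib" ]; then
                echo "${bin#"$jail"}: $lib"
                status=1
            fi
        done
    done
    return $status
}
```

An empty result with exit status 0 means every library the host resolves for the jailed commands is present at the same path inside the jail.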

For the curious, here is what I changed:

Date: 8/21/2016, Updated: 8/4/2018