JonMcCain.Net

How to set up users on Linux with SSH and SFTP access limited to their home folders.

SSH is a great way to access a Linux system. But I never liked the idea that a user could see other parts of the file system (folder names and file names), even though they couldn't view or change the actual files provided their permissions were correct. Chroot lets you tie a user to a folder, but it's complex because you have to create a self-contained environment with the base files, base commands and libraries. A script named make_chroot_jail.sh, written by Wolfgang Fuschlberger, takes all the pain out of this: you just pass it a username and it creates the user, sets permissions and creates the whole environment. His web page www.fuschlberger.net seems to be gone. Here is a copy of his RELEASE 2008-04-26 version.

# make_chroot_jail.sh user2
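
The following added example (not taken from make_chroot_jail.sh or from this page) shows the library-collection step that such a self-contained environment needs: it parses ldd output and copies a binary together with its shared libraries into the jail. The function names and the paths in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: copy a program and the shared libraries it needs into a
# chroot directory. Function names are hypothetical, not from the script.
# ldd may run code from the file it inspects; use it on trusted binaries only.

# Read `ldd` output on stdin and print each library path once. Handles
#   libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x...)
#   /lib64/ld-linux-x86-64.so.2 (0x...)
# and skips entries with no file on disk (linux-vdso, "not found").
ldd_paths() {
    awk '$2 == "=>" && $3 ~ /^\// { print $3; next }
         $1 ~ /^\//               { print $1 }' | LC_ALL=C sort -u
}

# Copy one file into the jail under the same absolute path.
copy_into_jail() {
    jail=$1 src=$2
    mkdir -p "$jail$(dirname "$src")" && cp -pL "$src" "$jail$src"
}

# Copy a binary and every library ldd reports for it.
populate_jail() {
    jail=$1 bin=$2
    copy_into_jail "$jail" "$bin" || return 1
    ldd "$bin" | ldd_paths | while read -r lib; do
        copy_into_jail "$jail" "$lib" || return 1
    done
}

# Print libraries the binary needs that are absent from the jail.
missing_in_jail() {
    jail=$1 bin=$2
    ldd "$bin" | ldd_paths | while read -r lib; do
        [ -e "$jail$lib" ] || echo "$lib"
    done
}

# Usage (constructed paths): sh jail_libs.sh /home/jail /bin/bash
if [ "$#" -eq 2 ]; then
    populate_jail "$1" "$2" && missing_in_jail "$1" "$2"
fi
```

An empty result from missing_in_jail means every library ldd reports for the binary is present inside the jail directory.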

And when you no longer need that user, it's easy to get rid of them. The standard userdel -r does almost everything needed. The one other thing you must do is run visudo and remove the user's entry from the sudoers file.

# userdel -r user2
# visudo

But somewhere along the line it stopped working with Debian. I figured out how to fix it and made a patch you can apply to the original make_chroot_jail.sh to get a version that works with 32-bit Debian 8 (Jessie), 32-bit/64-bit Debian 9 (Stretch), 32-bit/64-bit Debian 10 (Buster) and 32-bit Raspbian Buster (on a Raspberry Pi 4). This should work on Debian 11 (Bullseye) too.

So download the patch make_chroot_jail_buster.patch and apply it. It is meant to be applied to the RELEASE 2008-04-26 version, and the result should work with Jessie and Stretch too.

If you really need the older Jessie/Stretch version, download make_chroot_jail_jessie.patch and apply it. Note that this is also meant to be applied to the RELEASE 2008-04-26 version.

# patch -i make_chroot_jail_buster.patch -o make_chroot_jail_buster.sh
# chmod 755 make_chroot_jail_buster.sh

The script is run as root, so it should be executable but not writable by other users.

If you don't want to apply the patch yourself, here are the patched versions.

make_chroot_jail_buster.sh

make_chroot_jail_jessie.sh

It works exactly the same as before.

# make_chroot_jail_buster.sh user2

For the curious, here is what I changed:

Date: 8/21/2016, Updated: 8/4/2018, Updated: 10/15/2020, Updated: 2/18/2022