How to set up users on Linux with ssh and sftp access but only access to their home folders.
SSH is a great way to access a Linux system. But I never liked the idea that a user could see other parts of the file system (folder names and file names) even though they couldn't view or change actual files provided their permissions were correct. Chroot lets you tie a user to a folder, but it's complex because you have to create a self-contained environment with the base files, base commands and libraries. There is a script named make_chroot_jail.sh written by Wolfgang Fuschlberger; go to his web page www.fuschlberger.net to get it. It takes all the pain out of this as you just pass it a username and it creates the user, sets permissions and creates the whole environment.
# make_chroot_jail.sh user2
And when you no longer need that user, it's easy to get rid of them. Just the standard userdel does everything needed.
# userdel -r user2
But somewhere along the line it stopped working with Debian. I figured out how to fix it and made a patch you can apply to the original make_chroot_jail.sh to get a version that works with Debian 8 (aka Jessie). A word of warning: this has only been tested on the i386 version. On a 64-bit system the libraries are in a different place. In theory this will work, as I looked up the folders for them and put them in the script too.
So download the patch make_chroot_jail_jessie.patch and apply it. Note that this is meant to be applied to the RELEASE 2008-04-26 version.
# patch -i make_chroot_jail_jessie.patch -o make_chroot_jail_jessie.sh
# chmod 755 make_chroot_jail_jessie.sh
Mode 755 is enough to run it; a script that root executes should not be writable by other users.
If you don't want to apply the patch yourself, here is the patched version.
It works exactly the same as before.
# make_chroot_jail_jessie.sh user2
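Since the 64-bit library locations are untested, it is worth checking a finished jail for shared libraries its programs need but that were not copied in. The script below is an added example, not part of the original post, script or patch; the function names, the check_jail.sh name, the jail path and the assumption that user homes sit under the jail's home directory are all assumptions.

```bash
#!/bin/sh
# Added example (not part of make_chroot_jail.sh or its patch): list shared
# libraries that programs inside a chroot jail need but the jail lacks.

# needed_libs FILE: absolute paths of the shared objects FILE loads, as
# resolved by ldd on the host, including the dynamic loader.
needed_libs() {
    ldd "$1" 2>/dev/null | awk '
        $2 == "=>" && $3 ~ /^\// { print $3; next }  # libc.so.6 => /lib/... (0x...)
        $1 ~ /^\//               { print $1 }        # /lib/ld-linux.so.2 (0x...)
    ' | sort -u
}

# missing_in_jail JAIL FILE: the needed libraries that do not exist under JAIL.
missing_in_jail() {
    needed_libs "$2" | while IFS= read -r lib; do
        [ -e "${1%/}$lib" ] || printf '%s\n' "$lib"
    done
}

# audit_jail JAIL: check every executable in the jail, print one line per
# missing library, return 1 if any were found and 2 if JAIL does not exist.
# The jail's home directory is skipped (assumed layout): ldd may run code from
# the file it inspects, so it is only pointed at files that root installed.
audit_jail() {
    jail=${1%/}
    [ -d "$jail" ] || { echo "no such jail: $jail" >&2; return 2; }
    report=$(
        find "$jail" -path "$jail/home" -prune -o -type f -perm -100 -print |
        while IFS= read -r bin; do
            missing_in_jail "$jail" "$bin" |
                awk -v b="${bin#"$jail"}" '{ print b ": missing " $0 }'
        done
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Run as: sh check_jail.sh /path/to/jail   (script name and path are placeholders)
if [ "$#" -gt 0 ]; then
    audit_jail "$1"
fi
```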
For the curious, here is what I changed: