Linode Community Forums
Posted: Thu May 14, 2015 10:42 am
Newbie

Joined: Thu May 14, 2015 10:26 am
Posts: 3
Hi,

so I was following this guide, which I found in this forum topic.
And I've come across an issue I can't fix.

Here's what I want to do:
- I have a user with a home directory. Let's call the user "boss_user" and so his home directory is /home/boss_user.
- Within that home directory there are three other directories.
- Then I create three new users: "dummy_user1" "dummy_user2" and "dummy_user3".
- These three users' home directories are supposed to be the three directories in the home directory of "boss_user".
- When "dummy_user1" connects via sFTP I want him to be jailed into his home directory (which is within the home directory of "boss_user").

So what I did was:

Code:
adduser dummy_user1
usermod -d /home/boss_user/dir1 -m dummy_user1


Put this into the sshd_config:

Code:
Match user dummy_user1
    ChrootDirectory /home/boss_user/dir1
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp


And following that I executed:

Code:
chmod 755 /home/boss_user/dir1


Then I restarted SSH, with:

Code:
service ssh restart


What I get when trying to connect with my "dummy_user1" with FileZilla is:

Code:
Error:   Network error: Software caused connection abort
Error:   Could not connect to server


How do I fix this issue? I haven't been using Linux for too long, so I might have made some stupid mistakes. Just can't figure out what I'm doing wrong here.

Greetz,
- Mercury

Edit: If I remove that part:

Code:
Match user dummy_user1
    ChrootDirectory /home/boss_user/dir1
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp


The user can connect, but (of course, as expected) is not jailed to his home directory.


Posted: Thu May 14, 2015 11:05 am
Senior Member

Joined: Sun Mar 07, 2010 7:47 pm
Posts: 1970
Website: http://www.rwky.net
Location: Earth
It's probably a permissions thing; /home/boss_user/dir1 will need to be owned by root with group root. Check /var/log/auth.log for details from ssh.

_________________
Paid support
How to ask for help
1. Give details of your problem
2. Post any errors
3. Post relevant logs.
4. Don't hide details i.e. your domain, it just makes things harder
5. Be polite or you'll be eaten by a grue


Posted: Thu May 14, 2015 11:16 am
Newbie

Joined: Thu May 14, 2015 10:26 am
Posts: 3
I did that before. But on that note, I tried another thing:

Having root own "/home/boss_user" makes it work.
But will boss_user not owning his own home directory cause issues? Or can there be two owners?

Thanks so far!

Greetz,
- Mercury


Last edited by MercurySC on Thu May 14, 2015 11:54 am, edited 1 time in total.

Posted: Thu May 14, 2015 11:35 am
Senior Member

Joined: Sun Mar 07, 2010 7:47 pm
Posts: 1970
Website: http://www.rwky.net
Location: Earth
Having /home/boss_user owned by root will mean that boss_user can't write to their own home directory. You can only have one owner. You can however create subdirectories owned by boss_user which they can write to.

Posted: Thu May 14, 2015 11:54 am
Newbie

Joined: Thu May 14, 2015 10:26 am
Posts: 3
Ok, I understand that. What I want is that boss_user has write-privileges to "home/boss_user/dir1" and dummy_user1 does not, but is jailed into that folder. From what I understand this is not possible because root needs ownership to "/home/boss_user" and "/home/boss_user/dir1". As soon as I give any user other than root write-privileges to "/home/boss_user/dir1" sshd tells me to ... and dummy_user1 can't connect anymore with that same error from before.

My solution is to create another directory owned by boss_user. Something like "/home/boss_user/dir1/dir1" which is not quite what I wanted but I guess it's good enough.

If you have any other suggestions I'd be more than happy to test them. Will keep checking this thread for a while.

Thanks a lot for your help!

Greetz,
- Mercury


Posted: Thu May 14, 2015 12:19 pm
Senior Member

Joined: Sun Mar 07, 2010 7:47 pm
Posts: 1970
Website: http://www.rwky.net
Location: Earth
What you said is correct: root has to own the directory the user is chrooted into. They cannot write to that directory, but they can write to subdirectories.

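Added example, not part of the thread: a POSIX shell check of the rule the replies arrive at. sshd only accepts a ChrootDirectory when the directory and every parent up to / is a root-owned directory that group and others cannot write to. The function names are made up for this example, and ownership and modes are read from `ls -ldn`.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the thread.

# component_ok PERMS UID: succeed only for a root-owned directory that
# neither group nor others can write to.
component_ok() {
    perms=$1 uid=$2
    case $perms in d*) ;; *) return 1 ;; esac              # must be a directory
    [ "$uid" = 0 ] || return 1                            # must be owned by root
    case $perms in ?????w*|????????w*) return 1 ;; esac   # group/other write bit set
    return 0
}

# check_chroot_path PATH: test PATH and each parent up to "/".
# Prints one line per component; returns 1 if any component fails.
check_chroot_path() {
    cur=$1 rc=0
    case $cur in /*) ;; *) echo "FAIL $cur (not an absolute path)"; return 1 ;; esac
    while :; do
        # ls -ldn fields: 1 = type and permission string, 3 = numeric owner uid.
        # A symlinked component shows type "l" and is reported as a failure.
        set -- $(ls -ldn "$cur" 2>/dev/null)
        if [ $# -lt 3 ]; then
            echo "FAIL $cur (cannot stat)"; rc=1
        elif component_ok "$1" "$3"; then
            echo "ok   $cur ($1 uid=$3)"
        else
            echo "FAIL $cur ($1 uid=$3)"; rc=1
        fi
        next=$(dirname "$cur")
        [ "$next" = "$cur" ] && break      # reached "/"
        cur=$next
    done
    return $rc
}

# Usage: sh check_chroot.sh /home/boss_user/dir1
if [ $# -gt 0 ]; then check_chroot_path "$1"; fi
```

Run against the thread's /home/boss_user/dir1, a /home/boss_user owned by boss_user shows up as a FAIL line, which matches what the original poster found.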

