Quote:
Originally Posted by SleeperSimulant
I have a Debian 12 system which uses SSH. sshd_config has been customized as follows:
Match Group sftpusers
    ChrootDirectory /sftp
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
    PasswordAuthentication yes
This server is to be used as an SFTP server. For this purpose, a script has been written which creates users and places them in the “sftpusers” group. Furthermore, new folders can be created, which are created in /sftp and get the permission root:sftpusers.
That's the way it has to be done, because the ChrootDirectory in that case must be owned by root and not writable by any other accounts. Thus, as you've found, you can create subdirectories (via root) and give write access for those other accounts to those subdirectories. The same script you have to create the accounts and add them to the group can also create the subdirectories and set their permissions since the whole script is running as root anyway.
That is one approach to setting up chrooted SFTP, and there are at least two more.
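
The ownership rule described in the reply above can be checked before sshd rejects a login. This is an added example, not part of the original posts or of OpenSSH; it goes slightly beyond the reply by also checking every parent directory, as sshd_config(5) requires for ChrootDirectory. The function names and the owner_uid parameter are hypothetical, and /sftp is taken from the quoted configuration.

```python
import os
import stat
import sys

def component_problems(path, owner_uid=0):
    """Return the reasons this one directory breaks the ChrootDirectory rule."""
    try:
        st = os.stat(path)
    except OSError as exc:
        return [f"cannot stat: {exc.strerror}"]
    problems = []
    if not stat.S_ISDIR(st.st_mode):
        problems.append("not a directory")
    if st.st_uid != owner_uid:
        problems.append(f"owned by uid {st.st_uid}, expected {owner_uid}")
    # Mode bits 022: write permission for group or for others.
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("writable by group or others")
    return problems

def chroot_problems(chroot, owner_uid=0):
    """Check the chroot directory and each parent up to /.

    Returns {path: [problems]}; an empty dict means the path passes.
    owner_uid is an assumption added for testing; sshd expects root (0).
    """
    path = os.path.normpath(chroot)
    if not os.path.isabs(path):
        raise ValueError("ChrootDirectory must be an absolute path")
    findings = {}
    while True:
        problems = component_problems(path, owner_uid)
        if problems:
            findings[path] = problems
        parent = os.path.dirname(path)
        if parent == path:  # reached the filesystem root
            break
        path = parent
    return findings

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "/sftp"
    findings = chroot_problems(target)
    for path, problems in findings.items():
        print(f"{path}: {', '.join(problems)}")
    sys.exit(1 if findings else 0)
```

A group-writable upload folder such as a subdirectory owned root:sftpusers is expected to fail this check, which is why it has to sit below the chroot directory and not be the chroot directory itself.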