

The procedure described in this article should work with most other Linux distributions as well. Keep in mind that the path to the executables may be different on other Linux distributions.

I have tried a couple of ways to limit a user, and it can involve a lot of manual work. For example, rssh seems to be a solid way to jail a user to SCP/SFTP, but it does not support the creation of a chroot environment. You have to create this entirely by yourself. Jailkit, on the other hand, provides you with a complete set of tools to create the chroot for you as well as providing other tools to easily move a user into the jailed environment.

Preparation

Before we dig into the setup and configuration of jailkit we need to decide what we want to allow the user to do and where he should have access. In my case I have a “user1” that I want to restrict to upload and download files only from his home directory, so I want to limit this user to SCP/SFTP, and I want to build the chroot jail in /home/chroot_scp/.

First we need to create the jail directory. The permissions on the jail directory are very important. The jail directory needs to be owned by user and group root, but everybody needs the permission to open this directory (the execute flag for “other”).
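
One way to verify the ownership and permission rule for the jail directory described above, as an added example that is not part of the original article. The function name check_jail_dir is hypothetical, the script assumes GNU stat, and the check for group or other write access is an extra that the article does not state.

```shell
#!/bin/sh
# Added example: audit a chroot jail directory's ownership and mode.
# Usage: check_jail_dir DIR [UID] [GID]   (UID and GID default to 0, root)
# Returns 0 when every check passes, 1 otherwise. Assumes GNU stat (Linux).
check_jail_dir() {
    dir=$1
    want_uid=${2:-0}
    want_gid=${3:-0}
    rc=0

    # A symlink could point the jail somewhere else, so reject it.
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "FAIL: $dir is not a real directory" >&2
        return 1
    fi

    # %u = owner uid, %g = group gid, %a = permission bits in octal (e.g. 755)
    set -- $(stat -c '%u %g %a' "$dir")
    uid=$1; gid=$2; mode=$3

    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: owner uid is $uid, expected $want_uid" >&2; rc=1
    fi
    if [ "$gid" != "$want_gid" ]; then
        echo "FAIL: group gid is $gid, expected $want_gid" >&2; rc=1
    fi
    # "Other" must hold the execute bit to be able to enter the directory.
    if [ $(( 0$mode & 01 )) -eq 0 ]; then
        echo "FAIL: mode $mode lacks the execute flag for other" >&2; rc=1
    fi
    # Extra check, not stated in the article: group or other write access
    # would let non-root users change the contents of the jail root.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL: mode $mode is writable by group or other" >&2; rc=1
    fi

    if [ "$rc" -eq 0 ]; then
        echo "OK: $dir ($uid:$gid, mode $mode)"
    fi
    return "$rc"
}

# Example call for the jail used in the article:
#   check_jail_dir /home/chroot_scp
```

Run it as any user after creating the jail; each failed rule is reported on stderr and the return status is non-zero.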
