Chroot not restricting user
Hello - I am trying to create an account on my droplet for SFTP usage only, and for which the user (with account <useraccount>)can only access a specific sub folder and its children. My droplet is running Ubuntu 16.04 with a LAMP stack. I have taken the following steps:
- created <useraccount> and given it the home directory to which it will need access;
- assigned <useraccount> to a specific user group <usergroup>;
-set up root ownership for the parent of the home directory and all its parents, as well as 755 permissions;
set up <useraccount> ownership of the home directory and all the files and directories below it, with 755 permissions.
Inserted the following at the end of/etc/ssh/sshd_config:
Subsystem sftp internal-sftp
Match USER <useraccount>:<usergroup>
ChrootDirectory <home directory>
When I test this account with FileZilla, I can log in via SFTP and FileZilla does go to the correct folder. However, there is no restriction to that folder and its children. Instead, I can navigate to any other folder within the droplet.
Can someone advise what I may be doing wrong and how I can restrict access to the home directory and its children?
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.×