how to enable (only) sftp access for a single folder

Hi,

I have enabled (only) SFTP access for a user. I did this by selecting "/usr/bin/scponly" as a shell for this user under Webmin > System > Users and Groups.

However, this person can still browse freely through all the directories and files on the complete server.

I would like this person to have access to a single folder, e.g. /home/name/onlyaccesstothisfolder

I understand I should be doing this with chroot, but I can't find in the documentation how to do this.

Can you tell me how to do this?

Thanks in advance.

Status: Active

Comments

Howdy -- Virtualmin only supports locking users into a directory using FTP users, not SSH/SFTP users. There are some details on all that in the first part of the doc here:

http://www.virtualmin.com/documentation/security/faq

Previously, some funky chroot techniques were the only way to lock an SSH/SFTP user, and that method wasn't recommended.

OpenSSH version 4.8 began including a chroot mechanism to handle that in a more simple and secure manner. While Virtualmin doesn't yet support it, you could always manually configure it.

You'd just need to Google "openssh chrootdirectory".

Here's a writeup from the OpenBSD folks on how the ChrootDirectory feature works:

http://undeadly.org/cgi?action=article&sid=20080220110039
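A minimal `sshd_config` sketch of the ChrootDirectory approach mentioned in the reply above. This is an added example, not taken from the original posts or from Virtualmin; the user name `sftponly` and the `upload` subdirectory are hypothetical, and the path is the one from the question.

```conf
# /etc/ssh/sshd_config (fragment)

# Use the in-process SFTP server so no binaries or libraries are
# needed inside the chroot. This line belongs in the global section,
# above any Match block.
Subsystem sftp internal-sftp

# Everything below applies only to the hypothetical user "sftponly".
# A Match block runs until the next Match line or the end of the file,
# so keep it at the bottom of sshd_config.
Match User sftponly
    # Root of the user's view of the filesystem after authentication.
    ChrootDirectory /home/name/onlyaccesstothisfolder
    # Ignore any requested command or shell and serve SFTP only.
    ForceCommand internal-sftp
    # Close side channels that would otherwise bypass the restriction.
    AllowTcpForwarding no
    X11Forwarding no
    PermitTunnel no

# sshd refuses the login unless every component of the ChrootDirectory
# path is owned by root and not writable by group or others:
#
#   chown root:root /home/name/onlyaccesstothisfolder
#   chmod 755       /home/name/onlyaccesstothisfolder
#
# Because the chroot root itself cannot be user-writable, give the user
# a writable subdirectory (hypothetical name "upload"):
#
#   mkdir /home/name/onlyaccesstothisfolder/upload
#   chown sftponly: /home/name/onlyaccesstothisfolder/upload
#
# Check the syntax before reloading the daemon:
#
#   sshd -t
```

If the ownership or mode requirement is not met, the connection is dropped right after authentication and sshd logs a "bad ownership or modes for chroot directory" error, which is the first thing to look for in the auth log when a chrooted login fails.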

My config: Debian Linux 8.7 / Virtualmin version : 5.05.gpl / Linux 3.14.32-xxxx-grs-ipv6-64 on x86_64

Hi,

I know how to limit the directory for FTP without the S. But if I use SFTP, I see all directories in /HOME/ and ROOT.

For this reason, I want to disable SFTP for a domain, if it's possible.

Thank you in advance.

Pierre

Howdy -- you may want to take a look at this here:

http://unix.stackexchange.com/questions/266413/how-to-disable-sftp-for-a...

However, this particular request is 6 years old... and it also looks like you're using Virtualmin GPL there.

If you have any follow up questions, we'd recommend making a new request in the Forums. We monitor the Forums, along with lots of wonderful folks in the community. Thanks!

Thank you very, very much! It works :-) Best regards, Pierre