Hi everybody,
I have been straggling to find out a solution here. My policy is to allow only chroot sftp users for all the domains. I achieve that by having a group called 'chroot' to be the default group for all users with an /sbin/nologin shell. Then in my sshd_config file I have this restriction:
Match group chroot
ChrootDirectory /home/%u
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
After that all my /home/%u directories (not sub-directories) are owned by root:chroot
It works great but I have to do it manually. I am looking for a way to do this automatically which would mean that upon a new virtual server creation, virtualmin will create the user with:
1) 'chroot' as the main group 2) script a chown root:chroot /home/%u after successful creation
Any help here would be very much appreciated !
Thanks George
Anyone ?
Maybe I am posting to the wrong forum ??
It's the right forum, it's just a difficult subject :-)
You could always take a look at System Settings -> Virtualmin Config -> Actions Upon User and Server creation -- and from there, you could point "Command to run after making changes to a server" to a script to be run anytime a Virtual Server is created.
-Eric
Hi Eric,
Thanks for your reply, I know it is kind of hard and I have been struggling for a while to get to the bottom of it. Now, I could write a script that would:
1) change the user group 2) change the owner of the users directory.
Bare with me for a while here :) First, this script has to be executed as root. And second I will have to somehow pass the user info there. Do you think I could use $VIRTUALSERVER_USER there ? Finally does this script have to be located somewhere in specific?
Cheers George