Is this chroot setup safe?

#1 Tue, 11/08/2016 - 13:36
rikus

About chroot again, jailing users to home directory :)

So, I'm just wondering if this setup is safe:

  • server is only used for websites (no email etc.)
  • home directory paths are defaults (/home/$USER)
  • users are added to "sftponly" group
  • sshd_config:
      Subsystem sftp internal-sftp
      Match Group sftponly
          ChrootDirectory /home/%u
          AllowTCPForwarding no
          X11Forwarding no
          ForceCommand internal-sftp
  • users' home directory owner/group is root/root and chmod 755 (other users can see home directory content)
  • users can't create files/folders inside the home directory, but they have a "private" directory where they can put anything that needs to be outside of the web root (public_html)
  • folders inside the home directory are 750, so other users can only see home directory content, not content from folders inside the home directory
- home
- - testuser (root/root 755)
- - - fcgi-bin (testuser/testuser 755)
- - - logs (testuser/testuser 750)
- - - private (testuser/testuser 750)
- - - public_html (testuser/testuser 750)
- - - tmp (testuser/testuser 750)

Thanks for any comments!
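
Added example, not part of the original post: a Python audit of the layout described above. It checks the rule sshd enforces for ChrootDirectory (every path component root-owned and not group/other-writable) and lists subdirectories that other local accounts can access. The function names, the sample rows and uid 1001 for testuser are assumptions made for illustration.

```python
import os
import stat

ROOT_UID = 0

def stat_components(chroot_dir):
    """Return (path, uid, mode) for '/' and each directory down to chroot_dir."""
    rows, path = [], os.path.realpath(chroot_dir)
    while True:
        st = os.stat(path)
        rows.append((path, st.st_uid, stat.S_IMODE(st.st_mode)))
        parent = os.path.dirname(path)
        if parent == path:
            return rows[::-1]
        path = parent

def chroot_path_findings(components):
    """sshd only accepts a ChrootDirectory whose every path component is
    root-owned and not writable by group or other."""
    findings = []
    for path, uid, mode in components:
        if uid != ROOT_UID:
            findings.append(f"{path}: owner uid {uid}, expected root")
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(f"{path}: mode {mode:o} is group/other-writable")
    return findings

def subdir_findings(subdirs, user_uid):
    """Report subdirectories not owned by the user or open to 'other'."""
    findings = []
    for name, uid, mode in subdirs:
        if uid != user_uid:
            findings.append(f"{name}: owner uid {uid}, expected {user_uid}")
        if mode & stat.S_IRWXO:
            findings.append(f"{name}: mode {mode:o} grants access to other accounts")
    return findings

# Constructed sample mirroring the tree in the post; uid 1001 for testuser is assumed.
SAMPLE_PATH = [("/", 0, 0o755), ("/home", 0, 0o755), ("/home/testuser", 0, 0o755)]
SAMPLE_SUBDIRS = [("fcgi-bin", 1001, 0o755), ("logs", 1001, 0o750),
                  ("private", 1001, 0o750), ("public_html", 1001, 0o750),
                  ("tmp", 1001, 0o750)]

if __name__ == "__main__":
    for line in chroot_path_findings(SAMPLE_PATH) + subdir_findings(SAMPLE_SUBDIRS, 1001):
        print(line)
```

On a live server, pass `stat_components("/home/<user>")` to `chroot_path_findings` instead of the constructed rows.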