This website is deprecated, and remains online only for historic access to old issues and docs for historic versions of Virtualmin. It has been unmaintained for several years, and should not be relied on for up-to-date information. Please visit www.virtualmin.com instead.

Is this chroot setup safe?

1 post / 0 new

Topic locked

#1 Tue, 11/08/2016 - 13:36

rikus

Is this chroot setup safe?

About chroot again, jailing users to home directory :)

So, I'm just wondering if this setup is safe:

server is only used for websites (no email etc.)
home directory paths are defaults (/home/$USER)
users are added to "sftponly" group
sshd_config:

Subsystem sftp internal-sftp
Match Group sftponly
ChrootDirectory /home/%u
    AllowTCPForwarding no
    X11Forwarding no
    ForceCommand internal-sftp

users home directory owner/group is root/root and chmod 755 (other users can see home directory content)
users can't create files/folder inside home directory, but they have "private" directory where they can put anything that needs to be outside of web root (public_html)
folders inside home directory are 750, so other users can only see home directory content, not content from folders inside home directory

- home
- - testuser (root/root 755)
- - - fcgi-bin (testuser/testuser 755)
- - - logs (testuser/testuser 750)
- - - private (testuser/testuser 750)
- - - public_html (testuser/testuser 750)
- - - tmp (testuser/testuser 750)

Thanks for any comments!