Hey,

I'd like to write with the chrooted user in his / but I can't.

Example: I have /home/sftponly/ as ChrootDirectory

Inside has to be another directory with permissions for this user, otherwise I can't connect.

I want it to be writable while the user that connects doesn't see any sub-dir. Any tips on what I'm doing wrong?

My sshd_config

Match User sftponly
  ChrootDirectory /home/sftponly
  ForceCommand internal-sftp
  AllowTcpForwarding no
  X11Forwarding no
  • Maybe have a look at your filesystem-permissions and chmod?
    – ppuschmann
    Dec 7, 2020 at 16:37

1 Answer

If I understand correctly, you want your user to be able to write to his home directory while being chrooted.

What happens when you connect using sftp with chroot enabled is like this:

  • the user is chrooted to the main "chroot" directory (here, /home/sftponly)
    • the main chroot must be owned by root and read-only for the users.
  • the user is then chrooted again into his home directory as described in /etc/passwd starting from the main chroot. This home directory can be writeable to the user.

So if in /etc/passwd you have a line such as this:

sftponly:x:1002:1002:,,,:/home/sftponly:/bin/bash

sshd will try to chroot your user into /home/sftponly/home/sftponly.

So if you absolutely need to chroot to this precise path /home/sftponly you must set your main chroot in sshd_config to, for instance, /home:

ChrootDirectory /home

Then set the home directory of sftponly in /etc/passwd to /sftponly :

sftponly:x:1002:1002::/sftponly:/bin/bash

Then /home/sftponly can be writeable for the sftponly user, no problem.

  • Okay, perfect, this worked for me! BUT like you said, the user can go back to /home. Do you know any software that allows me to lock him in / and make it writable for him?
    – roseroserh
    Dec 7, 2020 at 9:30
  • @roseroserh no, the chroot is always read-only, this is by design. This applies to SFTP, FTP, etc.
    – wazoox
    Dec 7, 2020 at 14:01
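
A way to check a layout against the rule discussed in this thread before restarting sshd, as an added example that is not part of the original question or answer. It applies the sshd_config(5) requirement that every component of ChrootDirectory is a root-owned directory not writable by group or others, then looks for the /etc/passwd home inside the chroot. The function names and the sample tree are assumptions made for illustration; uid 1002 and the paths come from the thread.

```python
import os
import stat
from pathlib import PurePosixPath
from types import SimpleNamespace


def audit_sftp_chroot(chroot, passwd_home, uid, stat_fn=os.stat):
    """Return a list of problems; an empty list means the layout is usable."""
    problems = []
    root = PurePosixPath(chroot)
    # sshd_config(5): every component of ChrootDirectory must be a root-owned
    # directory that is not writable by group or others.
    for comp in [*list(root.parents)[::-1], root]:
        st = stat_fn(str(comp))
        if not stat.S_ISDIR(st.st_mode):
            problems.append(f"{comp}: not a directory")
        if st.st_uid != 0:
            problems.append(f"{comp}: owned by uid {st.st_uid}, must be root")
        if st.st_mode & 0o022:
            problems.append(f"{comp}: writable by group or others")
    # After the chroot, the passwd home is looked up relative to the new root.
    landing = root / passwd_home.lstrip("/")
    try:
        st = stat_fn(str(landing))
    except FileNotFoundError:
        problems.append(f"{landing}: home directory missing inside the chroot")
    else:
        if st.st_uid != uid or not st.st_mode & stat.S_IWUSR:
            problems.append(f"{landing}: not writable by uid {uid}")
    return problems


# Constructed sample tree (path -> (owner uid, mode)); not taken from a real host.
SAMPLE_TREE = {
    "/": (0, 0o040755),
    "/home": (0, 0o040755),
    "/home/sftponly": (1002, 0o040755),
}


def sample_stat(path):
    """Stand-in for os.stat() that reads SAMPLE_TREE."""
    if path not in SAMPLE_TREE:
        raise FileNotFoundError(path)
    owner, mode = SAMPLE_TREE[path]
    return SimpleNamespace(st_uid=owner, st_mode=mode)


if __name__ == "__main__":
    # The question's layout first, then the layout proposed in the answer.
    print(audit_sftp_chroot("/home/sftponly", "/home/sftponly", 1002, sample_stat))
    print(audit_sftp_chroot("/home", "/sftponly", 1002, sample_stat))
```

On a real host, call `audit_sftp_chroot` without the last argument so it uses `os.stat`.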
