I have a server with Debian + ProFTPD and my idea is to leave the FTP and SFTP services enabled for these users. To do this I create a folder in /home/sftpserver and within it I create the different users.
The commands that I have executed are these:
mkdir /home/sftpserver
mkdir /home/sftpserver/user1
mkdir /home/sftpserver/user2
usermod -m -d /home/sftpserver/user1 user1
usermod -m -d /home/sftpserver/user2 user2
useradd -g sftpserver -s /bin/false -d /home/sftpserver/user1 user1
useradd -g sftpserver -s /bin/false -d /home/sftpserver/user2 user2
chown user1:sftpserver /home/sftpserver/user1/
chown user2:sftpserver /home/sftpserver/user2/
If I connect by ftp with each user, the "/" is the home of said user and I can only create files and directories within this folder.
On the other hand, if I access through SFTP I see the main directory "/home/sftpserver", and the user user1 sees the folders user1 and user2, and user2 sees the folder of user1. Apart from that, by SFTP I can move around the system ... which I do not want to allow.
That's why I have the proftpd.conf file like this:
# Use this to jail all users in their homes
DefaultRoot ~
And the file /etc/ssh/sshd_config:
Match Group sftpgroup
ChrootDirectory /home
ForceCommand internal-sftp
X11Forwarding no
AllowTcpForwarding no
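
Added example, not part of the original post: a small Python audit that checks the posted `sshd_config` fragment against the account layout from the commands above and reports why a user would not end up in a private SFTP chroot. The function names are hypothetical, and the parser is a simplification that assumes literal group names in `Match Group`, uses the first matching block, and expands only the `%h` and `%u` tokens.

```python
import os

# sshd_config fragment as posted in the question
POSTED = """Match Group sftpgroup
ChrootDirectory /home
ForceCommand internal-sftp
"""

def match_group_blocks(text):
    """Map each literal group name in a 'Match Group' line to its settings."""
    blocks, current = {}, None
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split(None, 1)
        if not words:
            continue
        key, value = words[0].lower(), (words[1].strip() if len(words) > 1 else "")
        if key == "match":
            crit = value.split()
            current = {} if len(crit) == 2 and crit[0].lower() == "group" else None
            if current is not None:
                for name in crit[1].split(","):
                    blocks[name] = current
        elif current is not None:
            current.setdefault(key, value)  # first value for a keyword wins
    return blocks

def audit(text, user, home, groups, stat_fn=os.stat):
    """Return reasons why `user` would not get a private SFTP chroot."""
    settings = next((s for g, s in match_group_blocks(text).items() if g in groups), None)
    if settings is None:
        return ["no Match Group block applies to this user's groups"]
    raw = settings.get("chrootdirectory")
    if raw is None:
        return ["matching block sets no ChrootDirectory"]
    findings = []
    if "%h" not in raw and "%u" not in raw:
        findings.append("chroot %s is shared by every user in the group" % raw)
    chroot = raw.replace("%h", home).replace("%u", user)
    path = "/"
    # sshd requires every path component to be root-owned and not group/other-writable
    for part in [""] + [p for p in chroot.split("/") if p]:
        path = os.path.join(path, part)
        st = stat_fn(path)
        if st.st_uid != 0 or st.st_mode & 0o022:
            findings.append("%s must be owned by root and not group/other-writable" % path)
    return findings
```

Run as root on the server, `audit(open("/etc/ssh/sshd_config").read(), "user1", "/home/sftpserver/user1", {"sftpserver"})` checks the real directories. An empty list means the three conditions checked here (group match, per-user chroot, path ownership) all hold.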