0

I've a question concerning the Jail explained later:

  • User to be jailed: foo
  • Jail Directory: /mnt/foo-jail
  • Home directory of foo: /mnt/foo-jail/foo-home

Everything is ok. Jail is up and the user is connecting correctly.

  • The problem is: "foo" has not write-permission on his Jail directory, but he has write-permission on his Home directory. When he connects to my server, he is redirected to /mnt/foo-jail (his Jail) and not in his Home (/mnt/foo-jail/foo-home) where he can write;

How can I resolv this problem? He cannot make CHDIR to move among folders, but He must be redirected to his own Home Dir.

Thank you very very much for your help !!!

Echoes_86
  • 173
  • 10
  • Unclear as to what you mean when you say he cannot "make CHDIR to move among folders". If the issue is just that he isn't directed correctly to his home directory, submitted answer. – Belmin Fernandez Mar 12 '15 at 14:15
  • The user asked me to be redirected to his "final destination", where he could have write permission. He wants to make no "cd" to change directory. – Echoes_86 Mar 12 '15 at 14:30

1 Answers1

0

Make his home directory /foo-home. This will redirect him to what is effectively /mnt/foo-jail/foo-home.

To address the authorized_keys issue you mentioned in comments, add this under Match user foo:

AuthorizedKeysFile /mnt/foo-jail/%h/.ssh/authorized_keys
Belmin Fernandez
  • 10,799
  • 27
  • 84
  • 148
  • Thank you for your answer. I've just tried and Foo cannot connect anymore. The Server is looking for the key in /foo-home/.ssh/authorized_keys and not in the full path of the home (/mnt/foo-jail/foo-home/.ssh/authorized_keys). So it does not find it. What is wrong? – Echoes_86 Mar 12 '15 at 14:27
  • How did you setup the jail in `/etc/ssh/sshd_config`? Also, what is the user's home directory (run `echo ~foo` where foo is the username)? – Belmin Fernandez Mar 12 '15 at 14:37
  • Home: /foo-home (it was /mnt/foo-jail/foo-home before your suggest) SSHD: Match user foo ChrootDirectory /mnt/foo-jail/ ForceCommand internal-sftp AllowTCPForwarding no X11Forwarding no – Echoes_86 Mar 12 '15 at 14:43
  • Addressed in answer. – Belmin Fernandez Mar 12 '15 at 15:54