2

I have a question concerning the jail described below:

  • User to be jailed: foo
  • Jail Directory: /mnt/foo-jail
  • Home directory of foo: /mnt/foo-jail/foo-home

Everything is ok. Jail is up and the user is connecting correctly.

  • The problem is: "foo" does not have write permission on his jail directory, but he has write permission on his home directory. When he connects to my server, he is redirected to /mnt/foo-jail (his jail) and not to his home (/mnt/foo-jail/foo-home), where he can write.

How can I resolve this problem? He cannot make CHDIR to move among folders, but he must be redirected to his own home dir.

Thank you very very much for your help !!!

Edit: Resolved

I'll write the interesting part of ssh configuration file sshd_config, hoping it could be useful for someone.

Match user foo
    ChrootDirectory /mnt/foo-jail/
    ForceCommand internal-sftp
    AllowTCPForwarding no
    AuthorizedKeysFile /mnt/foo-jail/%h/.ssh/authorized_keys
    X11Forwarding no

In the file /etc/passwd, foo appears like:

foo:x:1001:1001:Foo User,,,:/foo-home:/bin/bash

Pay attention to the home, which is /foo-home and not /foo-home/, otherwise ssh could not intercept the correct path of the key.

Echoes_86

2 Answers

0

Try to add

ChrootDirectory %h

in /etc/ssh/sshd_config in the Match Group section. %h is replaced by the home directory of the connecting user.

WoJ
0

ChrootDirectory /upload/%u

ForceCommand internal-sftp -d data

This will put the sftp in the /upload/UserXX/data directory. The data directory is owned by and readable/writable by UserXX.
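
A layout audit for the jails discussed above, as an added example that is not part of any post on this page. It applies the sshd_config(5) rule that every component of ChrootDirectory must be a root-owned directory not writable by group or others, and computes where the session starts. The function names are hypothetical, and resolving a relative `-d` argument against the chroot root is an assumption that matches the last answer.

```python
import os
import stat
from pathlib import PurePosixPath

def chroot_components(chroot):
    """Every directory from / down to the chroot; sshd checks each one."""
    p = PurePosixPath(chroot)
    return [str(a) for a in reversed(p.parents)] + [str(p)]

def component_problems(path, trusted_uid=0):
    """Reasons sshd would reject `path` as a ChrootDirectory component."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return ["does not exist"]
    problems = []
    if not stat.S_ISDIR(st.st_mode):
        problems.append("not a directory")
    if st.st_uid != trusted_uid:
        problems.append(f"owned by uid {st.st_uid}, expected {trusted_uid}")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("writable by group or others")
    return problems

def landing_dir(chroot, passwd_home, start_dir=None):
    """Host path where the session starts: the passwd home, or the
    internal-sftp -d argument, interpreted inside the chroot.
    Assumption: a relative -d value is taken from the chroot root."""
    inside = PurePosixPath("/") / (start_dir or passwd_home)
    return str(PurePosixPath(chroot) / inside.relative_to("/"))

def audit(chroot, passwd_home, user_uid, start_dir=None):
    """List (path, problem) findings for one jailed user."""
    findings = [(c, p) for c in chroot_components(chroot)
                for p in component_problems(c)]
    land = landing_dir(chroot, passwd_home, start_dir)
    if not os.path.isdir(land):
        findings.append((land, "landing directory missing"))
    elif os.stat(land).st_uid != user_uid:
        findings.append((land, f"not owned by uid {user_uid}"))
    return findings

if __name__ == "__main__":
    # Values from the question: jail /mnt/foo-jail, home /foo-home, uid 1001.
    for path, problem in audit("/mnt/foo-jail", "/foo-home", 1001):
        print(f"{path}: {problem}")
```

An empty result means the jail itself stays unwritable for the user, as sshd requires, while the starting directory exists and belongs to them.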