1.
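# Create the dedicated group and the locked-down account.
# The rest of this page is a RHEL/CentOS host (setsebool/restorecon,
# /sbin/nologin, UID 500); there the group tool is groupadd -- addgroup is
# the Debian wrapper and is not installed on that family.
groupadd sftpusers
# -d /incoming is the path the user sees INSIDE the jail: once
# ChrootDirectory /home/sftpusers/%u applies, it maps to
# /home/sftpusers/guestuser/incoming, which is why step 5's "pwd" prints
# /incoming. Depending on CREATE_HOME in login.defs, useradd may also create
# a stray /incoming at the real root; add -M if that is unwanted.
# -s /sbin/nologin by itself does not confine SFTP (the chroot plus
# ForceCommand in sshd_config do that); it only blocks interactive logins
# for this account everywhere else on the host.
useradd -g sftpusers -d /incoming -s /sbin/nologin guestuser
# Set the password used for SFTP logins.
passwd guestuser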
guestuser:x:500:500::/incoming:/sbin/nologin
如果是已有帳號 (if the account already exists), convert it with usermod instead of creating it:
# usermod -g sftpusers -d /incoming -s /sbin/nologin john
2.
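vim /etc/ssh/sshd_config
# Validate the file before reloading: a typo in the Match block can leave
# sshd unable to start and lock you out of a remote host. Reload only when
# the check passes (use "systemctl restart sshd" on systemd hosts).
sshd -t && service sshd restart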
# sftp-server is a separate binary at /usr/libexec/openssh/sftp-server.
# Inside the chroot that path does not exist, so chrooted users would fail
# to start the subsystem; the in-process internal-sftp must be used instead.
#Subsystem sftp /usr/libexec/openssh/sftp-server
Subsystem sftp internal-sftp
Match Group sftpusers
    ChrootDirectory /home/sftpusers/%u
    ForceCommand internal-sftp
    X11Forwarding no
    AllowTcpForwarding no

Note: put the Match block at the end of sshd_config — every directive that follows a Match line belongs to that Match until the next one. sshd also refuses the chroot unless the ChrootDirectory and every parent directory are owned by root and not group/world-writable; that is what the ls -ld checks in step 3 verify.
3.
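# Build the jail. Every directory from / down to the ChrootDirectory must be
# owned by root and not writable by group or others, otherwise sshd refuses
# the login; only the leaf "incoming" is handed to the user so uploads can
# land there (see the ls -ld output below for the expected modes).
mkdir -p /home/sftpusers/guestuser/incoming
# Fix: the original chown targeted .../guestsers/incoming (extra "s"), a
# path that was never created, so the user's upload directory stayed
# root-owned and unwritable. The path must match the mkdir above.
chown guestuser:sftpusers /home/sftpusers/guestuser/incoming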
ls -ld /home
drwxr-xr-x. 7 root root 4096 Sep 11 12:42 /home
ls -ld /home/sftpusers
drwxr-xr-x. 3 root root 4096 Sep 11 12:39 /home/sftpusers/
ls -ld /home/sftpusers/guestuser
drwxr-xr-x. 3 root root 4096 Sep 11 12:33 /home/sftpusers/guestuser/
ls -ld /home/sftpusers/guestuser/incoming
drwxr-xr-x. 3 guestuser sftpusers 4096 Sep 11 13:41 /home/sftpusers/guestuser/incoming/
4.
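# SELinux: allow sshd's chrooted sessions to write into directories under
# /home (-P persists the boolean across reboots), then relabel the jail so
# the freshly created directories carry the expected context. One recursive
# restorecon on the parent already covers guestuser/; the second call was
# redundant.
setsebool -P ssh_chroot_rw_homedirs on
restorecon -R /home/sftpusers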
5.
sftp guestuser@localhost
sftp> pwd
Remote working directory: /incoming
sftp> cd /
sftp> pwd
Remote working directory: /
sftp> cd /etc
Couldn't canonicalise: No such file or directory
(/etc does not exist inside the jail, so the chrooted user cannot reach the real /etc — this error is the expected result and confirms the chroot is in effect.)
ref:
http://www.thegeekstuff.com/2012/03/chroot-sftp-setup/
http://cassjohnston.wordpress.com/2012/08/16/selinux-and-chrooted-sftp/