Unfortunately I don't have enough reputation to comment because all I wanted to do is stress how important the comment by Richard Fairhurst is and how it should be added to the "official answer". I have seen people here and elsewhere having trouble setting the user home directory or having the user home directory as a "default directory". That's just because in a chroot environment the root directory is not the / any more. Meaning any other path should be relative to the new root path. Ex:
If you chroot to /home and want the default directory to be /home/default, you should set the user home directory to /default, not /home, because /home will be the new /.
If you really need to keep the user home directory in /home/user but wish to have a default directory for sftp sessions, you can use the -d parameter for internal-sftp. Like in this example:
Subsystem sftp internal-sftp
Match Group sftpusers
ChrootDirectory /mnt/sftp
ForceCommand internal-sftp -d /default
/default being a directory inside /mnt/sftp. Notice that the path here is again relative to the new root.
Have a look at this article which shows how to use sshd's ChrootDirectory to force all members of a particular group into a common directory root. You may be able to modify it to meet your requirements.
lain's answer was helpful, but in the interest of being more explicit, and not depending on a link (and so I can find it next time):
Search the web for ChrootDirectory to get the basic docs and setup. I'll not replicate them here, only point out how to solve the asked question.
For a dedicated file server use: Match Group *,!sudo
so anybody who's not an admin gets chrooted sftp-only access - by default.
Set ChrootDirectory /home/%u -- chroot is based on username, not their home directory
Make sure the user's directory in /home is owned by root:root
Set the home-directory path in /etc/passwd to the directory you want to be logged into by default - but make it relative to the chroot directory:
If you want the user acnt to end up in /home/acnt/files/, then set the passwd home for acnt to /files
Make sure that /home/acnt/files is owned by acnt:acnt, so that the user can write to the directory, even though /home/acnt/ must be owned by root for the chroot jail to function.
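The layout described in the answers above can be checked before reloading sshd. This is an added example, not part of any of the original posts: `landing_dir` applies the "home is relative to the new root" rule, and `check_chroot_chain` checks the ownership rule, extended to every parent directory because sshd_config(5) requires all components of the ChrootDirectory path to be root-owned and not writable by group or others. The function names and the script name `audit.sh` are hypothetical.

```sh
#!/bin/sh
# Added example, not from the answers: audit a chrooted SFTP layout.

# On-disk directory where the session starts. The passwd home (or the
# internal-sftp -d argument) is resolved inside the chroot, not from /.
landing_dir() {            # $1 = ChrootDirectory, $2 = home seen in the jail
    jail=${1%/}
    case $2 in
        /*) printf '%s%s\n' "$jail" "$2" ;;
        *)  printf '%s/%s\n' "$jail" "$2" ;;
    esac
}

owned_by_root() {          # true if $1 is owned by uid 0
    [ -n "$(find "$1" -prune -user 0 -print 2>/dev/null)" ]
}

writable_by_others() {     # true if $1 is group- or world-writable
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# Walk from the chroot directory up to /, printing every component sshd
# would refuse. Returns 0 if the chain is clean, 1 if not, 2 on bad input.
check_chroot_chain() {     # $1 = absolute ChrootDirectory
    case $1 in /*) ;; *) echo "not an absolute path: $1"; return 2 ;; esac
    dir=${1%/}; bad=0
    while :; do
        [ -n "$dir" ] || dir=/
        if [ ! -d "$dir" ]; then
            echo "missing: $dir"; bad=1
        else
            owned_by_root "$dir" || { echo "not root-owned: $dir"; bad=1; }
            if writable_by_others "$dir"; then
                echo "group/other-writable: $dir"; bad=1
            fi
        fi
        [ "$dir" = / ] && break
        dir=${dir%/*}
    done
    return "$bad"
}

# Usage with the values from the answer: sh audit.sh /home/acnt /files
if [ "$#" -eq 2 ]; then
    check_chroot_chain "$1" && echo "chroot chain OK: $1"
    echo "session starts in: $(landing_dir "$1" "$2")"
fi
```

The directory printed as the session start is the one that should be owned by the user (acnt:acnt in the answer), while everything the chain check walks must stay root-owned.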
Perhaps there is a way to achieve what you want but as far as I know, sftp is operated over ssh so not so sure how to do that with ssh for every user.
However, one way to get around what you want to do is that you can update the user data to log in to a certain directory as follows. This will w
I just went through the same sort of thing with an Ubuntu Lucid 10.04 install. The answer seems to be to chroot certain logins to a specific folder. The only disadvantage being that the folder that they are chrooted to must be owned by root:root and can't be writable by the user logging in in order for ssh to allow the sftp login to work. So, they only have access to other folders within the folder that they are chrooted to.
http://ubuntuforums.org/showthread.php?t=1057657
Also, setting the default folder for the user using "usermod -d" doesn't change the default for that user going to the root / folder upon sftp login.
If you're using ProFTPD, then take a look at the ProFTPD SFTP module.