Home / server / Questions / 435892
Accepted
dukevin
Asked: 2012-10-09 02:31:34 +0800 CST

Chroot to jail users into a directory [duplicate]

  • 772

Possible Duplicate:
How can I chroot ssh connections?

I want to jail a particular user into a directory (so they can sftp and ssh) using chroot on Debian. How can I do this?

The man page says 

Usage: chroot [OPTION] NEWROOT [COMMAND [ARG]...]
  or:  chroot OPTION
Run COMMAND with root directory set to NEWROOT.

  --userspec=USER:GROUP  specify user and group (ID or name) to use
  --groups=G_LIST        specify supplementary groups as g1,g2,..,gN
      --help     display this help and exit
      --version  output version information and exit

I want to jail user "smart" into /home/servers/smart but when I type: chroot --userspec=1001 /home/servers/smart, it says chroot: failed to run command '/bin/bash': No such file or directory

I've googled my brains out and I can't find a single tutorial on the built-in chroot command.

debian

1 Answers

  1. Best Answer

    This is basically a duplicate of: How can I chroot ssh connections?

    A chroot does not apply per user, but per process. -- So it has to be called/activated by the sshd or the user's login shell.

    Limiting an SFTP login is quite simple in newer OpenSSH versions. For interactive shell logins it is always more difficult, because all allowed programs have to be accessible inside the jail.

    • 1