D4R4 · June 2, 2019 07:53
diff --git a/sftp_readonly_jailed_usera b/sftp_readonly_jailed_usera
 Unix systems provide the chroot command which allows you to reset the / of the user to some directory in the filesystem hierarchy, where they cannot access "higher-up" files and directories.

 However in your case, it would appropriate to provide a virtual chroot implemented by the remote shell service. sftp can be easily configured to restrict a local user to a specific subset of the filesystem.

 hence in your case, you want to chroot let's say, user foo user into the /var/www/vhosts/ directory.

 You can set a chroot directory for your user to confine them to the subdirectory /var/www/vhosts/ like so in /etc/ssh/sshd_config;

 Create user foo with password

 sudo useradd foo
 sudo passwd foo
 Create for SFTP only group

 $ sudo groupadd sftp_users 
 Add to a user foo for SFTP only group

 $ sudo usermod -G sftp_users foo 
 Change owner, because read/write permission

 sudo chown root.root /var/www/vhosts/
 Add permission

 sudo chmod 755 /var/www/vhosts/
 Edit /etc/ssh/sshd_config

 sudo vi /etc/ssh/sshd_config

 Comment out and add a line like below

 #Subsystem sftp /usr/lib/openssh/sftp-server
 Subsystem sftp internal-sftp
 Add at the last

 Match Group sftp_users
  X11Forwarding no
  AllowTcpForwarding no
  ChrootDirectory /var/www/vhosts/
  ForceCommand internal-sftp
 (NOTE : Match blocks need to be at the END of the sshd_config file.)

 Restart ssh service

 sudo service ssh restart
 With this cenfiguration you can ssh into folder ubuntu and get files. Can not put or delete

 To sftp in right folder edit /etc/passwd. Change line for user foo to look like this

 $ sudo vi /etc/passwd

 ..
 foo:x:1001:1001::/var/www/vhosts/:
 ..
 This will change user foo home folder to your sftp server folder.
	Unix systems provide the chroot command which allows you to reset the / of the user to some directory in the filesystem hierarchy, where they cannot access "higher-up" files and directories.

	However in your case, it would appropriate to provide a virtual chroot implemented by the remote shell service. sftp can be easily configured to restrict a local user to a specific subset of the filesystem.

	hence in your case, you want to chroot let's say, user foo user into the /var/www/vhosts/ directory.

	You can set a chroot directory for your user to confine them to the subdirectory /var/www/vhosts/ like so in /etc/ssh/sshd_config;

	Create user foo with password

	sudo useradd foo
	sudo passwd foo
	Create for SFTP only group

	$ sudo groupadd sftp_users
	Add to a user foo for SFTP only group

	$ sudo usermod -G sftp_users foo
	Change owner, because read/write permission

	sudo chown root.root /var/www/vhosts/
	Add permission

	sudo chmod 755 /var/www/vhosts/
	Edit /etc/ssh/sshd_config

	sudo vi /etc/ssh/sshd_config

	Comment out and add a line like below

	#Subsystem sftp /usr/lib/openssh/sftp-server
	Subsystem sftp internal-sftp
	Add at the last

	Match Group sftp_users
	X11Forwarding no
	AllowTcpForwarding no
	ChrootDirectory /var/www/vhosts/
	ForceCommand internal-sftp
	(NOTE : Match blocks need to be at the END of the sshd_config file.)

	Restart ssh service

	sudo service ssh restart
	With this cenfiguration you can ssh into folder ubuntu and get files. Can not put or delete

	To sftp in right folder edit /etc/passwd. Change line for user foo to look like this

	$ sudo vi /etc/passwd

	..
	foo:x:1001:1001::/var/www/vhosts/:
	..
	This will change user foo home folder to your sftp server folder.