Wednesday, December 24, 2014

ssh - Ubuntu Jail FTP-User in /var/www/html with full permissions

On Ubuntu 18.x I want to block a user in the /var/www/html directory


I created a user this way:


useradd ftpuser
passwd ftpuser
usermod -G www-data ftpuser
usermod -d /var/www/html ftpuser
chown ftpuser:www-data /var/www/html

Then in /etc/ssh/sshd_config


Subsystem sftp internal-sftp
Match User ftpuser
ChrootDirectory /var/www/html
PasswordAuthentication yes
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

Then:


chown root /var/www/*
chown root:root /var/www/html
chown ftpuser:www-data /var/www/html*

I connect and I'm stuck in the html folder. But I cannot create and edit files.
I want to assign full permissions to the ftpuser without the ability to level up from the html folder.


After giving the command from this answer


setfacl -m g:ftpuser:rwx /var/www/html


I cannot connect anymore.


Error: Network error: Software caused connection abort
Error: Unable to connect to the server

EDIT


ls -la /var/www/html
total 28
drwxr-xr-x 4 ftpuser www-data 4096 Mar 9 14:54 .
drwxr-xr-x 3 root root 4096 Mar 9 14:31 ..
-rw-rw-r-- 1 ftpuser ftpuser 0 Mar 9 14:54 aa
drwx------ 2 ftpuser ftpuser 4096 Mar 9 14:52 .cache
drwx------ 3 ftpuser ftpuser 4096 Mar 9 14:52 .gnupg
-rw-r--r-- 1 root root 10918 Mar 9 14:32 index.html
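The connection abort after setfacl is consistent with the ownership and mode check that sshd applies to a ChrootDirectory: every component of the chroot path must be owned by root and must not be writable by group or others, otherwise the login is refused before the session starts. Adding a named-group ACL with rwx also raises the ACL mask, so the directory's group permission bits become rwx and the directory shows up as group-writable. The script below is an added example (not from the original post, and not an OpenSSH tool): it re-implements that per-component rule on constructed "path owner mode" listings modelled on the layout in the question, and contrasts it with the usual fix, a root-owned chroot directory containing a writable subdirectory (here named "site", an assumed name) for the user's files. The `live_listing` helper assumes GNU `stat` and is only needed when you want to feed it a real path.

```shell
#!/bin/sh
# Added example, not from the original post. Re-implements the rule sshd
# applies to a ChrootDirectory path: each component must be owned by root
# and must not be group- or world-writable.

# component_ok OWNER MODE
# Returns 0 when one path component satisfies the rule, 1 otherwise.
# MODE is octal as printed by stat/ls conversion, e.g. 755 or 2775.
component_ok() {
    owner=$1
    mode=$2
    [ "$owner" = "root" ] || return 1
    # Last octal digit is "other", the one before it is "group".
    o=${mode#"${mode%?}"}
    rest=${mode%?}
    g=${rest#"${rest%?}"}
    # Digits 2, 3, 6 and 7 have the write bit (2) set.
    case $g in [2367]) return 1 ;; esac
    case $o in [2367]) return 1 ;; esac
    return 0
}

# check_chroot reads "path owner mode" lines on stdin, one per path
# component from / down to the chroot directory, and reports each one.
# Returns 1 if any component would make sshd refuse the chroot.
check_chroot() {
    rc=0
    while read -r path owner mode; do
        [ -n "$path" ] || continue
        if component_ok "$owner" "$mode"; then
            printf 'ok   %s (%s %s)\n' "$path" "$owner" "$mode"
        else
            printf 'BAD  %s (%s %s): must be root-owned, not group/world-writable\n' \
                "$path" "$owner" "$mode"
            rc=1
        fi
    done
    return $rc
}

# live_listing DIR
# Prints "path owner mode" for every component of DIR so the output can be
# piped into check_chroot. Assumes GNU stat (Linux); not used by the demo.
live_listing() {
    dir=$1
    stat -c '%n %U %a' /
    p=""
    for part in $(printf '%s' "$dir" | tr '/' ' '); do
        p="$p/$part"
        stat -c '%n %U %a' "$p"
    done
}

# demo runs the check on two constructed listings: the layout from the
# question after setfacl (html owned by ftpuser, group-writable via the ACL
# mask) and the usual fix (root-owned chroot, writable subdirectory inside).
demo() {
    echo '--- layout from the question after setfacl ---'
    if ! check_chroot <<'EOF'
/ root 755
/var root 755
/var/www root 755
/var/www/html ftpuser 775
EOF
    then echo 'sshd would refuse this chroot'; fi

    echo '--- root-owned chroot with a writable subdirectory ---'
    if check_chroot <<'EOF'
/ root 755
/var root 755
/var/www root 755
/var/www/html root 755
EOF
    then echo 'chroot accepted; /var/www/html/site (ftpuser:www-data 775) can be the writable area'; fi
}

demo
```

Only the components of the chroot path itself are checked; directories inside the chroot may be owned by the SFTP user, which is why the root-owned chroot plus a user-writable subdirectory is the layout that satisfies both the sshd check and the user's need to edit files.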
