Chroot to jail users into a directory

Question

Possible Duplicate:
How can I chroot ssh connections?

I want to jail a particular user into a directory (so they can sftp and ssh) using chroot on Debian. How can I do this?

The man page says

Usage: chroot [OPTION] NEWROOT [COMMAND [ARG]...]
  or:  chroot OPTION
Run COMMAND with root directory set to NEWROOT.

  --userspec=USER:GROUP  specify user and group (ID or name) to use
  --groups=G_LIST        specify supplementary groups as g1,g2,..,gN
      --help     display this help and exit
      --version  output version information and exit

I want to jail user "smart" into /home/servers/smart but when I type: chroot --userspec=1001 /home/servers/smart, it says chroot: failed to run command '/bin/bash': No such file or directory

I've googled my brains out and I can't find a single tutorial on the built-in chroot command.

score 1 · Accepted Answer · edited Apr 13 '17 at 12:13

1

This is basically a duplicate of: How can I chroot ssh connections?

A chroot does not apply per user, but per process. -- So it has to be called/activated by the sshd or the user's login shell.

Limiting an SFTP login is quite simple in newer OpenSSH versions. For interactive shell logins it is always more difficult, because all allowed programs have to be accessible inside the jail.

edited Apr 13 '17 at 12:13

Community

1

answered Oct 08 '12 at 10:45

mschuett

3,216

Chroot to jail users into a directory

1 Answers1