Effectively non-chrooted/jailed users. What am i missing? about jail-shell HOT 5 OPEN

Add the following lines to your config file, and reinstall the jail.

dir /usr/lib/openssh 0755 root:root
clink /usr/lib/openssh/sftp-server /usr/lib/openssh/sftp-server

from jail-shell.

Add the following lines to your config file, and reinstall the jail.

dir /usr/lib/openssh 0755 root:root
clink /usr/lib/openssh/sftp-server /usr/lib/openssh/sftp-server

I appreciate the response, however, these two lines don't make sense and I've been using Linux for at least 20 years.

Are you saying that /usr/lib/openssh needs to be owned by root:root and set to 0755 permissions?
And what is clink and why when i google search for it am i getting many references to Windows environment?

If I didn't know any better, you are expecting me to be working with Windows. I am trying to do this on a Linux server.

from jail-shell.

use this command to edit the specific jail-shell config, test-jail is the jail name

sudo jail-shell jail -e test-jail

and add those lines to the jail config, after that save and exit.
(this will add sftp-server to the jail.)

dir /usr/lib/openssh 0755 root:root
clink /usr/lib/openssh/sftp-server /usr/lib/openssh/sftp-server

and then run the following commad to reinstall the specific jail-shell

sudo jail-shell jail -i test-jail

from jail-shell.

use this command to edit the specific jail-shell config, test-jail is the jail name

sudo jail-shell jail -e test-jail

and add those lines to the jail config, after that save and exit.
(this will add sftp-server to the jail.)

dir /usr/lib/openssh 0755 root:root
clink /usr/lib/openssh/sftp-server /usr/lib/openssh/sftp-server

and then run the following commad to reinstall the specific jail-shell

sudo jail-shell jail -i test-jail

Awesome!! that works, but not exactly what I wanted (but very, very close)

The goal is to ensure that when users sign in, they are dropped into their home directory. I am currently using for virtual web hosting, the /home//public_html and would like that for the sftp and forcing chroot type behavior so users cannot browse above this directory.

Like sftp, i would like users who use ssh to be dropped into their home directory. I would also like to see that they cannot browse above their /home// directory.

Can this be achieved with jail-shell and how?

Additionally, i am stumped as to what the proper permissions should be for /home and for /home/[user]/.

Mind you, I am using containerized Apache/PHP etc with a bind mount between the container's /var/www/html and the local host file system's /home/[user]/public_html. This is the ideal situation however if things need to be different to use the jail-shell system, I would be more than glad to adopt your methods or techniques.

TLDR; (Shorter description of needs)

• Need users locked to user directory.
• Need users with the ability to write to their home directory.
• Need recommended permissions for /home and /home/[user] (or change of structure as you would recommend and their permissions)

Your help is greatly appreciated. I just donated $30 USD to show my appreciation and if you can help me solve my problem you will be greatly rewarded as I can do so.

from jail-shell.

try the following config, this will map /home/[user] in jail /home/[user]

bind /home/%u/ /home/%u/  rw,nodev,noexec,nosuid

DESC:
bind a directory to jail
COMMAND:
bind [SRC] DEST OPTION
OPTION: rw,ro,dev,nodev,exec,noexec, refer to (man mount) for the parameter description
%u in path '[SRC] DEST' will be replaced as user name
EXAMPLE:
bind / ro,nodev,nosuid
bind /opt/ /opt/ ro,nodev,noexec
bind /opt/upload /opt/upload rw,nodev,noexec,nosuid
bind /opt/%u /opt/upload ro,nodev,noexec,nosuid

from jail-shell.