Chroot SFTP with EasyEngine

In this tutorial, we create an SFTP user, ee-user, having access to only

Create Users

The following commands create a user ee-user who is only allowed to use SFTP in a chroot environment and is not able to log in over SSH.
useradd -G www-data -ms /bin/false ee-user
passwd ee-user

Create SFTP Home Directory

Let's create the home directory for user ee-user.
mkdir -p /home/ee-user/

Setup Permissions

Let us set up permissions for the user ee-user.
chown ee-user:www-data /home/ee-user/
chown root:root /home/ee-user/
chown root:root /home/

The permissions should look like this for the directories after executing the above commands.
ls -ld /home/
drwxr-xr-x 5 root root 4096 Oct 24 06:42 /home/
ls -ld /home/ee-user/
drwxr-xr-x 3 root root 4096 Oct 24 06:42 /home/ee-user
ls -ld /home/ee-user/
drwxr-xr-x 2 ee-user www-data 4096 Oct 31 08:49 /home/ee-user/

Setup sftp-server

Comment out and add the following lines in the /etc/ssh/sshd_config file.
vim /etc/ssh/sshd_config
# Find below line
Subsystem sftp /usr/lib/openssh/sftp-server
# Replace above line with following line
Subsystem sftp internal-sftp

# Add following lines at EOF
Match group www-data
    X11Forwarding no
    ChrootDirectory %h
    AllowTcpForwarding no
    ForceCommand internal-sftp

Restart the ssh service.
service ssh restart

Setup webroot permissions

chmod g+s /var/www/
chmod 775 /var/www/

Mount the webroot in the SFTP home directory.
mount --bind /var/www/ /home/ee-user/

Add the above command to /etc/rc.local.
vim /etc/rc.local
#!/bin/sh -e
# rc.local
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
# In order to enable or disable this script just change the execution
# bits.
# By default this script does nothing.
mount --bind /var/www/ /home/ee-user/
exit 0

Save the above file and quit.
:wq
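
With ChrootDirectory %h, sshd only accepts the chroot if every component of the home path is a root-owned directory that is not writable by group or others (sshd_config(5)). The script below is an added example, not part of the original tutorial, that audits a path against that rule; the function names check_dir and check_chroot_path are made up for this example.

```shell
#!/bin/sh
# Added example (not from the tutorial); function names are made up here.
# sshd_config(5): every component of the ChrootDirectory path must be a
# root-owned directory that is not writable by any other user or group.

# check_dir DIR [OWNER_UID]: 0 if DIR is a directory owned by OWNER_UID
# (default 0 = root) with no group/other write bit, else 1.
check_dir() {
    dir=$1
    want_uid=${2:-0}
    [ -d "$dir" ] || { echo "FAIL $dir: not a directory"; return 1; }
    # ls -ldn prints numeric ids, e.g. "drwxr-xr-x 3 0 0 4096 ... /home"
    read -r mode _links uid _rest <<EOF
$(ls -ldn "$dir")
EOF
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL $dir: owner uid $uid, expected $want_uid"
        return 1
    fi
    case $mode in
        ?????w*)    echo "FAIL $dir: group-writable ($mode)"; return 1 ;;
        ????????w*) echo "FAIL $dir: other-writable ($mode)"; return 1 ;;
    esac
    echo "OK   $dir ($mode)"
}

# check_chroot_path ABS_PATH [OWNER_UID]: check ABS_PATH and every parent
# directory up to /; returns 0 only if all components pass.
check_chroot_path() {
    case $1 in
        /*) ;;
        *) echo "FAIL $1: need an absolute path"; return 2 ;;
    esac
    cur=$1
    owner=${2:-0}
    rc=0
    while :; do
        check_dir "$cur" "$owner" || rc=1
        [ "$cur" = / ] && break
        cur=$(dirname "$cur")
    done
    return $rc
}

# Run as: sh this-script /home/ee-user
if [ "$#" -gt 0 ]; then check_chroot_path "$@"; fi
```

Run it against /home/ee-user after the bind mount is in place, because a bind mount shows the owner and mode of the mounted directory at the mount point.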