[scponly] chroot user to home directory

Casper kl at os.lv
Thu Apr 27 09:31:59 EDT 2006


root at server# make jail
/usr/bin/install -c -d /usr/scponly/bin
/usr/bin/install -c -d /usr/scponly/man/man8
/usr/bin/install -c -d /usr/scponly/etc/scponly
/usr/bin/install -c -o 0 -g 0 scponly /usr/scponly/bin/scponly
/usr/bin/install -c -o 0 -g 0 -m 0644 scponly.8 /usr/scponly/man/man8/scponly.8
/usr/bin/install -c -o 0 -g 0 -m 0644 debuglevel /usr/scponly/etc/scponly/debuglevel
if test "xscponlyc" != "x"; then /usr/bin/install -c -d /usr/scponly/sbin; rm -f /usr/scponly/sbin/scponlyc; cp scponly scponlyc; /usr/bin/install -c -o 0 -g 0 -m 4755 scponlyc /usr/scponly/sbin/scponlyc; fi
chmod u+x ./setup_chroot.sh
./setup_chroot.sh

Next we need to set the home directory for this scponly user.
please note that the user's home directory MUST NOT be writeable
by the scponly user. this is important so that the scponly user
cannot subvert the .ssh configuration parameters.

for this reason, a writeable subdirectory will be created that
the scponly user can write into.

-en Username to install [scponly]
user
-en home directory you wish to set for this user [/home/user]
/data/
-en name of the writeable subdirectory [incoming]


creating  /data//incoming directory for uploading files

Your platform (FreeBSD) does not have a platform specific setup script.
This install script will attempt a best guess.
If you perform customizations, please consider sending me your changes.
Look to the templates in build_extras/arch.
  - joe at sublimation dot org

please set the password for user:
Changing local password for user:
New Password:
Retype New Password:
if you experience a warning with winscp regarding groups, please install
the provided hacked out fake groups program into your chroot, like so:
cp groups /data//bin/groups

That's all.

Hideyuki KURASHINA wrote:
> Hi,
> 
>>>> On Wed, 26 Apr 2006 21:21:33 +0300, Casper <kl at os.lv> said:
> 
>>   I wanted to make one user with only sftp/scp available and that user
>> is chrooted to his home directory.
>> I'm using FreeBSD 6.0 jail and compiled scponly-4.6 with:
>> ./configure --prefix=/usr/scponly --enable-chrooted-binary && make &&
>> make install
>> with "make jail" I created user and chroot.
> 
> Could you please let us know how to create your user and chroot?
> 
> -- rushani
> 
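
The setup script output above requires that the chroot home not be writable by the scponly user, with a separate writable subdirectory for uploads. The following is an added example, not part of the original post or of scponly, that checks those conditions after "make jail"; audit_home is a hypothetical helper, and /data, user and incoming are the values entered in the post.

```shell
#!/bin/sh
# Added example (not scponly code): audit a chrooted scponly home directory.
# audit_home is a hypothetical helper name.
# Usage: audit_home HOME_DIR NUMERIC_UID WRITABLE_SUBDIR
# e.g.   audit_home /data "$(id -u user)" incoming
audit_home() {
    ah_home=$1; ah_uid=$2; ah_sub=$3; ah_rc=0
    if [ ! -d "$ah_home" ]; then
        echo "FAIL: $ah_home is not a directory"
        return 1
    fi
    # ls -ldn prints the mode string and the numeric owner on BSD and Linux.
    ah_info=$(ls -ldn -- "$ah_home")
    ah_perms=$(printf '%s\n' "$ah_info" | awk '{print $1}')
    ah_owner=$(printf '%s\n' "$ah_info" | awk '{print $3}')
    # An owner can always chmod the directory and then write .ssh into it.
    if [ "$ah_owner" = "$ah_uid" ]; then
        echo "FAIL: $ah_home is owned by uid $ah_uid"
        ah_rc=1
    fi
    # Conservative: reject any group or other write bit (mode positions 6 and 9).
    case $ah_perms in
        ?????w*|????????w*)
            echo "FAIL: $ah_home is group- or world-writable ($ah_perms)"
            ah_rc=1 ;;
    esac
    # The user still needs somewhere to upload files.
    if [ ! -d "$ah_home/$ah_sub" ]; then
        echo "FAIL: writable subdirectory $ah_home/$ah_sub is missing"
        ah_rc=1
    fi
    if [ "$ah_rc" -eq 0 ]; then
        echo "OK: $ah_home ($ah_perms, owner $ah_owner)"
    fi
    return "$ah_rc"
}

# Run directly when called with three arguments.
if [ "$#" -eq 3 ]; then
    audit_home "$@"
fi
```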


