About chroot again, jailing users to home directory
So, I’m just wondering if this setup is safe:
- server is only used for websites (no email etc.)
- home directory paths are defaults (/home/$USER)
- users are added to “sftponly” group
- sshd_config:
  Subsystem sftp internal-sftp
  Match Group sftponly
    ChrootDirectory /home/%u
    AllowTCPForwarding no
    X11Forwarding no
    ForceCommand internal-sftp
- users' home directory owner/group is root/root and chmod 755 (other users can see home directory content)
- users can’t create files/folders inside home directory, but they have a “private” directory where they can put anything that needs to be outside of web root (public_html)
- folders inside home directory are 750, so other users can only see home directory content, not content from folders inside home directory
- home
  - testuser (root/root 755)
    - fcgi-bin (testuser/testuser 755)
    - logs (testuser/testuser 750)
    - private (testuser/testuser 750)
    - public_html (testuser/testuser 750)
    - tmp (testuser/testuser 750)
Thanks for any comments!
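
An added example, not part of the original post: a shell sketch that audits the layout described above, assuming GNU `stat` on Linux. The function names `check_chroot_path` and `list_other_access` and their arguments are hypothetical. It checks the sshd rule that every component of a ChrootDirectory path must be root-owned and not writable by group or others, and lists subdirectories that grant any permission bit to other accounts.

```shell
#!/bin/sh
# Added example: audit an sftponly chroot layout. Assumes GNU stat (Linux).

# check_chroot_path DIR [UID] [STOP]
# Walk from DIR up to STOP (default /). Each component must be owned by
# UID (default 0, root) and must not be group- or other-writable, which is
# what sshd requires of a ChrootDirectory. UID and STOP are parameters of
# this sketch so the walk can be tried on a scratch tree.
check_chroot_path() {
    dir=$1 uid=${2:-0} stop=${3:-/} rc=0
    while :; do
        info=$(stat -c '%u %a' "$dir") || return 2
        owner=${info% *}
        mode=${info#* }
        if [ "$owner" != "$uid" ]; then
            echo "FAIL $dir: owner uid $owner, expected $uid"
            rc=1
        fi
        # 022 masks the group-write and other-write bits
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "FAIL $dir: mode $mode is group/other writable"
            rc=1
        fi
        if [ "$dir" = "$stop" ] || [ "$dir" = "/" ]; then
            break
        fi
        dir=$(dirname "$dir")
    done
    return $rc
}

# list_other_access CHROOT
# Print each subdirectory of CHROOT that grants any permission bit to
# "others" (readable or traversable by other local accounts and processes).
list_other_access() {
    for d in "$1"/*/; do
        [ -d "$d" ] || continue
        mode=$(stat -c '%a' "$d") || return 2
        if [ $(( 0$mode & 007 )) -ne 0 ]; then
            basename "$d"
        fi
    done
}

# Usage on a live host (as root), e.g. for the account in the post:
#   check_chroot_path /home/testuser && list_other_access /home/testuser
```

Run against the tree listed in the post, `list_other_access` prints `fcgi-bin`, the one subdirectory with mode 755.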