Is this chroot setup safe?

About chroot again, jailing users to home directory :)

So, I’m just wondering if this setup is safe:

  • server is only used for websites (no email etc.)
  • home directory paths are defaults (/home/$USER)
  • users are added to “sftponly” group
  • sshd_config:

    Subsystem sftp internal-sftp
    Match Group sftponly
    ChrootDirectory /home/%u
    AllowTCPForwarding no
    X11Forwarding no
    ForceCommand internal-sftp
  • users' home directory owner/group is root/root and chmod 755 (other users can see home directory content)
  • users can’t create files/folders inside home directory, but they have a “private” directory where they can put anything that needs to be outside of web root (public_html)
  • folders inside home directory are 750, so other users can only see home directory content, not content from folders inside home directory

    - home
    - - testuser (root/root 755)
    - - - fcgi-bin (testuser/testuser 755)
    - - - logs (testuser/testuser 750)
    - - - private (testuser/testuser 750)
    - - - public_html (testuser/testuser 750)
    - - - tmp (testuser/testuser 750)

Thanks for any comments!
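
One way to check the ownership and mode rules listed above on a live tree, as an added example that is not part of the original post: sshd only accepts a ChrootDirectory whose every path component is root-owned and not writable by group or others, and the second function lists subdirectories that other local accounts can still enter. The function names and the `WANT_UID`/`TOP` parameters are hypothetical, and the script assumes `stat -c` (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Added example: audit a chroot layout like /home/testuser from the post.

# component_ok MODE UID WANT_UID -> 0 when the owner matches and the octal
# MODE has neither the group-write nor the other-write bit set.
component_ok() {
    [ "$2" = "$3" ] && [ $(( 0$1 & 022 )) -eq 0 ]
}

# check_chroot_path DIR [WANT_UID] [TOP]
# Walks from DIR up to TOP (default /) and reports every component that sshd
# would reject. WANT_UID (default 0, root) and TOP exist only so a scratch
# tree can be checked without root privileges.
check_chroot_path() (
    dir=$(cd -- "$1" && pwd -P) || exit 2
    want=${2:-0}
    top=$(cd -- "${3:-/}" && pwd -P) || exit 2
    rc=0
    while :; do
        if ! component_ok "$(stat -c %a "$dir")" "$(stat -c %u "$dir")" "$want"; then
            echo "FAIL $dir ($(stat -c '%U:%G %a' "$dir"))"
            rc=1
        fi
        if [ "$dir" = "$top" ] || [ "$dir" = / ]; then break; fi
        dir=$(dirname "$dir")
    done
    exit "$rc"
)

# other_accessible DIR -> prints the names of subdirectories of DIR that grant
# any permission bit to "other", i.e. that other local accounts can reach.
other_accessible() (
    base=$(cd -- "$1" && pwd -P) || exit 2
    for d in "$base"/*/; do
        [ -d "$d" ] || continue
        if [ $(( 0$(stat -c %a "$d") & 007 )) -ne 0 ]; then
            basename "$d"
        fi
    done
    exit 0
)

# Usage on the server (as root):
#   check_chroot_path /home/testuser && other_accessible /home/testuser
```

On the tree shown in the post, `other_accessible` prints `fcgi-bin`, the one subdirectory listed as 755 rather than 750.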