I have been researching what chroot does and if it is useful for me. I have found loads of information spread around the forum and other sites so I have put together what I know with some questions.
Could someone check my information is correct and answer the questions. This is one of those issues that keeps getting asked about so I hope I have put everything together properly.
Need confirmation of these
- chroot = Change root
- Aesthetic only
- Chroot only works on
- port 22 for both SFTP and SSH
- and the Terminal in the users Webmin
- ProFTPd controls SFTP on port 2222 and therefore is unaffected by the Virtualmin implementation of chroot.
- You configure restrictions in ProFTPd.
- You control what functions and services are added into the Jail by using the jail manager
- It restricts what commands can be run in SSH for the user. You can add what is allowed in.
- Any functions/services to be used in the jailed session need to be added.
- It is not a security feature, but only ‘security via obscurity’
- Jails are not very useful, it’s just a thing people in the hosting world like. Hides a load of mess from their clients.
- Chroot does more than jails.
- The Proper name for this, in the way we are using this feature = chroot jails.
- If you are not giving your clients SSH access, chroot is pointless.
- chroot needs root to run and is why it can be dangerous.
Questions
- Why aesthetic only if you can restrict what functions a user has access to with SSH?
- Where do you configure the SFTP (port 2222) restrictions in ProFTPd?
- Is this done by hand
- Webmin → servers → ProFTPD Server
- ProFTPd jail features?
- FTP is already restricted to the home page.
- Does this stop people FTP’ing to the root and seeing files?
- Does this stop people using SSH getting to the root of the server?
I have looked through the forum and elsewhere so can post all of my links if needed 
Thanks in advance