I have been struggling to find a solution here. My policy is to allow only chroot sftp users for all the domains.
I achieve that by having a group called ‘chroot’ to be the default group for all users with an /sbin/nologin shell. Then in my sshd_config file I have this restriction:
Match group chroot
    ChrootDirectory /home/%u
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp
After that all my /home/%u directories (not sub-directories) are owned by root:chroot
It works great but I have to do it manually.
I am looking for a way to do this automatically which would mean that upon a new virtual server creation, virtualmin will create the user with:
‘chroot’ as the main group
script a chown root:chroot /home/%u after successful creation
It’s the right forum, it’s just a difficult subject
You could always take a look at System Settings -> Virtualmin Config -> Actions Upon User and Server creation – and from there, you could point “Command to run after making changes to a server” to a script to be run anytime a Virtual Server is created.
Thanks for your reply, I know it is kind of hard and I have been struggling for a while to get to the bottom of it. Now, I could write a script that would:
change the user group
change the owner of the user's directory.
Bear with me for a while here. First, this script has to be executed as root. And second, I will have to somehow pass the user info there. Do you think I could use $VIRTUALSERVER_USER there? Finally, does this script have to be located somewhere specific?
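
The hook script discussed in this thread, sketched as an added example that is not part of the original posts. It assumes Virtualmin exports VIRTUALSERVER_ACTION (with the value CREATE_DOMAIN on creation) next to VIRTUALSERVER_USER and runs the hook as root; the function names and the DRY_RUN switch are made up for illustration.

```sh
#!/bin/sh
# Added example: Virtualmin post-change hook for the chroot SFTP setup above.
# Assumed: Virtualmin exports VIRTUALSERVER_ACTION (CREATE_DOMAIN on creation)
# alongside VIRTUALSERVER_USER, and runs the hook as root.
LC_ALL=C; export LC_ALL
CHROOT_GROUP=chroot      # group matched by "Match group chroot" in sshd_config
HOME_BASE=/home          # parent of ChrootDirectory /home/%u

# Accept only plain account names: the value is used as root in a path.
valid_user() {
    case "$1" in
        ''|root|-*|.*|*[!a-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# With DRY_RUN=1, print the command instead of executing it.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Move the user into the chroot group and hand the home directory to root.
# The last step matters because sshd refuses a ChrootDirectory that is
# writable by group or others.
chroot_user() {
    user=$1
    valid_user "$user" || { echo "refusing user name: $user" >&2; return 1; }
    home="$HOME_BASE/$user"
    run usermod -g "$CHROOT_GROUP" "$user" &&
    run chown "root:$CHROOT_GROUP" "$home" &&
    run chmod go-w "$home"
}

hook_main() {
    # The hook fires on every change; act only on server creation.
    [ "${VIRTUALSERVER_ACTION:-}" = CREATE_DOMAIN ] || return 0
    chroot_user "${VIRTUALSERVER_USER:-}"
}

hook_main
```

Running it by hand with DRY_RUN=1, VIRTUALSERVER_ACTION=CREATE_DOMAIN and a test user name prints the three commands without touching any account.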