In this tutorial we are going to set up a chrooted SFTP user on Ubuntu that has the same rights as www-data, without changing the actual permissions of the folders/files. For example, the user chroot-sftp will be able to create files/folders in /var/www that end up owned by www-data (owner and group).
First of all, install bindfs on your system:
sudo apt-get -y install bindfs
After that, add the user to your system:
sudo useradd chroot-sftp -m -G www-data -s /usr/sbin/nologin
sudo mkdir -p /home/chroot-sftp/www
sudo chown -Rf chroot-sftp:chroot-sftp /home/chroot-sftp/www
sudo chmod -Rf 755 /home/chroot-sftp/www
Edit /etc/fstab and bind /var/www onto /home/chroot-sftp/www, so any new folder created in /home/chroot-sftp/www will appear in /var/www with www-data rights.
Permissions will be 755 for directories and 644 for files, with www-data as owner and group (that is what the create-with-perms option below produces).
sudo vim /etc/fstab
and add the following line (so the mount is restored automatically at reboot):
bindfs#/var/www /home/chroot-sftp/www fuse force-user=chroot-sftp,force-group=chroot-sftp,create-for-user=www-data,create-for-group=www-data,create-with-perms=god=rx:ud=rwx:gof=r:uf=rw,chgrp-ignore,chown-ignore,chmod-ignore 0 0
Then run the command below to mount the directory:
mount -a
After that, edit the sshd config file:
vim /etc/ssh/sshd_config
Comment out the existing 'Subsystem sftp /usr/lib/openssh/sftp-server' line, then add the 'internal-sftp' subsystem line and the Match block after 'UsePAM yes', so that this part of the file reads:
UsePAM yes
UseDNS no
#Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem sftp internal-sftp
Match user chroot-sftp
ChrootDirectory /home/chroot-sftp
ForceCommand internal-sftp
AllowTcpForwarding no
Save sshd_config and test whether the configuration is valid with the command below:
sshd -t
It's highly recommended to test the sshd configuration before restarting. If sshd -t prints any error, don't restart the sshd service; fix the issue first, then restart the service with the command below:
service sshd restart
All done!
Check my GitHub repository for other bash scripts.