How to create a chrooted user

useradd -m -d /var/www/domain.tld -s /usr/sbin/nologin -c "Comment on user role" username
passwd username
mkdir /var/www/domain.tld/htdocs
chmod 775 /var/www/domain.tld/htdocs
chown username:root /var/www/domain.tld/htdocs

htdocs is the directory the chrooted user can write into. The user can still read as far up as /var/www/domain.tld, though. This is as required by the man page:

Specifies the pathname of a directory to chroot(2) to after authentication. All components of the pathname must be root-owned directories that are not writable by any other user or group. After the chroot, sshd(8) changes the working directory to the user’s home directory.

To check the user's home directory, use the command awk -F: -v v="username" '{if ($1==v) print $6}' /etc/passwd
To ensure the path is owned by root and writable only by root, run the following commands before setting permissions on the htdocs directory:

chmod 755 -R /var/www/domain.tld
chown root:root -R /var/www/domain.tld
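
An added example, not part of the original post: a shell check that walks from the chroot directory up to / and reports every path component that is not owned by root or is writable by group or others, which is the condition the man page text above states. The function names and the optional owner-uid and top-directory arguments are assumptions made for this example, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example: verify the ownership rule quoted from the man page.
# Usage: check_chroot_path DIR [OWNER_UID] [TOP]
#   e.g. check_chroot_path /var/www/domain.tld
# OWNER_UID (default 0) and TOP (default /) are hypothetical knobs added
# so the check can be tried on a scratch tree; they are not sshd options.
# Requires GNU stat (stat -c).

# Check one directory: must exist as a directory, be owned by the
# expected uid, and carry no group or other write bit.
check_component() (
    dir=$1
    want_uid=$2
    [ -d "$dir" ] || { echo "FAIL $dir: not a directory"; exit 1; }
    set -- $(stat -c '%u %a' "$dir")
    uid=$1
    mode=$2
    [ "$uid" = "$want_uid" ] ||
        { echo "FAIL $dir: owner uid $uid, expected $want_uid"; exit 1; }
    # 022 masks the group-write and other-write bits of the octal mode.
    [ $(( 0$mode & 022 )) -eq 0 ] ||
        { echo "FAIL $dir: mode $mode is group/other writable"; exit 1; }
    echo "ok   $dir (uid $uid, mode $mode)"
)

# Resolve DIR to its physical path (symlinks removed), then check it and
# every parent up to TOP. All failures are reported, not just the first.
check_chroot_path() (
    want_uid=${2:-0}
    top=${3:-/}
    dir=$(cd "$1" 2>/dev/null && pwd -P) ||
        { echo "FAIL $1: cannot resolve directory"; exit 1; }
    rc=0
    while :; do
        check_component "$dir" "$want_uid" || rc=1
        if [ "$dir" = "$top" ] || [ "$dir" = / ]; then
            break
        fi
        dir=$(dirname "$dir")
    done
    exit "$rc"
)
```

Run against the htdocs directory created above, the check fails, as expected: htdocs is owned by the user and group-writable, so it can only sit below the chroot directory and never be one.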
