How to create a chrooted user

useradd -m -d /var/www/domain.tld -s /usr/sbin/nologin -c "Comment on user role" username
passwd username
mkdir /var/www/domain.tld/htdocs
chmod 775 /var/www/domain.tld/htdocs
chown username:root /var/www/domain.tld/htdocs

htdocs is the directory the chrooted user can write into. The user can still read everything from /var/www/domain.tld downward, but cannot write anywhere outside htdocs. This follows from the requirements sshd_config(5) places on ChrootDirectory (sshd refuses the login with "bad ownership or modes for chroot directory" if any path component violates them):

ChrootDirectory
Specifies the pathname of a directory to chroot(2) to after authentication. All components of the pathname must be root-owned directories that are not writable by any other user or group. After the chroot, sshd(8) changes the working directory to the user’s home directory.

Note:
To check a user's home directory, use the command awk -F: -v v="username" '{if ($1==v) print $6}' /etc/passwd
To ensure the whole path is owned by root and writable only by root, run the following commands before setting the permissions on the htdocs directory (both recurse, so ownership and mode of anything already below /var/www/domain.tld are reset as well):

chmod -R 755 /var/www/domain.tld
chown -R root:root /var/www/domain.tld
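To verify the result before the first login, here is an added check script (not part of the original post) that walks every component of the chroot path, from / down to the directory itself, and reports any component that is not root-owned or is group- or other-writable. It assumes GNU coreutils stat (Linux); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify that every component of a ChrootDirectory path meets
# sshd's rule (owned by root, not writable by group or others). Assumes GNU
# coreutils stat; function names are hypothetical, not from the post.

# component_ok UID MODE -> 0 when UID is 0 and the octal MODE string has no
# group/other write bit (755 and 1755 pass; 775, 1777 and a non-root uid fail).
component_ok() {
    [ "$1" -eq 0 ] || return 1
    tail=${2#"${2%??}"}                       # last two octal digits: group, other
    for d in "${tail%?}" "${tail#?}"; do
        case $d in 2|3|6|7) return 1 ;; esac  # write bit (2) is set in this digit
    done
    return 0
}

# check_one PATH -> prints a verdict line; returns 0 if PATH is acceptable.
check_one() {
    p=$1
    st=$(stat -c '%u %a' "$p" 2>/dev/null) || { printf 'MISSING %s\n' "$p"; return 1; }
    set -- $st                                # $1 = owner uid, $2 = octal mode
    if component_ok "$1" "$2"; then
        printf 'ok   %s (uid %s, mode %s)\n' "$p" "$1" "$2"
    else
        printf 'BAD  %s (uid %s, mode %s)\n' "$p" "$1" "$2"
        return 1
    fi
}

# check_chroot_path /abs/dir -> checks /, /abs and /abs/dir; returns 1 if any
# component is unacceptable (every component is reported, not only the first).
check_chroot_path() {
    case $1 in /*) ;; *) printf 'not an absolute path: %s\n' "$1" >&2; return 2 ;; esac
    rc=0
    cur=""
    check_one / || rc=1
    old_ifs=$IFS; IFS=/; set -- $1; IFS=$old_ifs
    for comp in "$@"; do
        [ -n "$comp" ] || continue            # skip empty fields from leading or doubled slashes
        cur="$cur/$comp"
        check_one "$cur" || rc=1
    done
    return $rc
}

# Usage: check_chroot_path /var/www/domain.tld
```

A non-zero exit means sshd will reject the chrooted login until the reported component is fixed with the chown/chmod commands above.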
