
@ingmarioalberto
Created January 22, 2025 03:18
SFTP with user home jailed without an "upload" directory
Step zero: create the groups the users should belong to, if they do not already exist.
First we need to add the users. Most customers will ask you to create them with a specific uid, gid and so on; in this case my user asked me to import this file:
----cut here----
pt001:x:1101:1100:Some comment about this user pte:/dirhome/ptuserone:/bin/bash
pt002:x:1102:1100:Some comment about this user another user:/home/ptusertwo:/sbin/nologin
...
...
...
----cut here----
So we built this importer for this kind of user request.
Usage:
bash importer-etc-passwd-and-sftp-jail.sh user-generated-etc-passwd-file.txt
At the end, you just need to copy the text printed after the "cut here" line and paste it at the very end of /etc/ssh/sshd_config.
(Do not forget to restart the sshd server afterwards.)
```bash
#!/bin/bash
# usage: bash importer-etc-passwd-and-sftp-jail.sh user-generated-etc-passwd-file.txt
[ $# -eq 1 ] || { echo "usage: $0 passwd-style-file" >&2; exit 1; }

# Append the per-user sshd_config Match block to the file given as $3.
function sshd_modify_match {
    # debug traces: user, chroot directory and output file
    echo "1:$1"
    echo "2:$2"
    echo "3:$3"
    echo "Match User $1
ChrootDirectory $2
ForceCommand internal-sftp
AllowTcpForwarding no
X11Forwarding no" | tee -a "$3"
}

# myuseradd USER UID GID GECOS HOME SHELL OUTFILE
# Creates the account with its home as the chroot: root-owned, mode 750,
# plus an ACL that lets the user write directly into it (no "upload" subdir).
function myuseradd {
    echo useradd -u "$2" -g "$3" -c "$4" -m -d "$5" -s "$6" "$1"
    [ -d "$5" ] || mkdir -p "$5"
    useradd -u "$2" -g "$3" -c "$4" -m -d "$5" -s "$6" "$1"
    # primary group name of the new user (currently unused)
    grpname=$(groups "$1" | cut -d ":" -f2 | awk '{print $1}')
    chown root:root "$5"
    chmod 750 "$5"
    setfacl -m u:"$1":rwX "$5"
    sshd_modify_match "$1" "$5" "$7"
}

TEMP=$(mktemp)
# One /etc/passwd-style line per user: name:x:uid:gid:gecos:home:shell
while IFS= read -r LINE; do
    [ -z "$LINE" ] && continue          # skip blank lines
    user=$(echo "${LINE}" | cut -d ":" -f1)
    uid=$(echo "${LINE}" | cut -d ":" -f3)
    gid=$(echo "${LINE}" | cut -d ":" -f4)
    fng=$(echo "${LINE}" | cut -d ":" -f5)
    home=$(echo "${LINE}" | cut -d ":" -f6)
    shl=$(echo "${LINE}" | cut -d ":" -f7)
    #grep -q "^${user}:" /etc/passwd && echo "user already exists ${user}" ||
    myuseradd "${user}" "$uid" "$gid" "${fng}" "${home}" "$shl" "$TEMP"
done < "$1"
echo "------cut here and paste into /etc/ssh/sshd_config----"
echo "Subsystem sftp internal-sftp"
cat "$TEMP"
```
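The importer above hands every field of the customer-supplied file straight to useradd and then relies on sshd accepting the home directory as a chroot. The following dry-run script is an added example, not part of the gist: it validates each passwd-style line before anything touches the system (rejecting non-numeric ids, system-range uids, relative homes and `..` in the path), renders the same Match block, and encodes the rule sshd applies to a ChrootDirectory (every path component owned by root and writable by neither group nor others). The field layout is the gist's; the username pattern, the uid >= 1000 threshold and the sample input are my assumptions.

```shell
#!/bin/sh
# Added example (not the gist's code): dry-run validation of the passwd-style
# input file plus a check that mirrors sshd's ChrootDirectory requirements.
# Assumptions: 7-field lines as in the gist's sample, usernames matching
# ^[a-z_][a-z0-9_-]{0,31}$, uids >= 1000, absolute home paths.
# Nothing here calls useradd or modifies the system.

is_number() { case $1 in ''|*[!0-9]*) return 1 ;; esac; }

# validate_passwd_line LINE
# Returns 0 and sets user/uid/gid/gecos/home/shell when the line is usable,
# 1 (reason on stderr) when it must not reach useradd.
validate_passwd_line() {
    oldifs=$IFS
    IFS=:; set -f
    set -- $1                 # split on ':' only; spaces in gecos survive
    set +f; IFS=$oldifs
    user=$1 uid=$3 gid=$4 gecos=$5 home=$6 shell=$7
    case $user in
        ''|'...') echo "skip: blank or placeholder line" >&2; return 1 ;;
    esac
    if [ $# -ne 7 ]; then
        echo "reject $user: expected 7 fields, got $#" >&2; return 1
    fi
    if ! printf '%s\n' "$user" | grep -Eq '^[a-z_][a-z0-9_-]{0,31}$'; then
        echo "reject $user: bad username" >&2; return 1
    fi
    if ! is_number "$uid" || ! is_number "$gid"; then
        echo "reject $user: uid/gid must be numeric" >&2; return 1
    fi
    if [ "$uid" -lt 1000 ]; then
        echo "reject $user: uid $uid is in the system range" >&2; return 1
    fi
    case $home in
        /*) ;;
        *) echo "reject $user: home must be an absolute path" >&2; return 1 ;;
    esac
    case "$home/" in
        */../*) echo "reject $user: home must not contain .." >&2; return 1 ;;
    esac
    return 0
}

# render_match USER CHROOT -> the sshd_config block the gist appends per user
render_match() {
    printf 'Match User %s\n' "$1"
    printf '    ChrootDirectory %s\n' "$2"
    printf '    ForceCommand internal-sftp\n'
    printf '    AllowTcpForwarding no\n'
    printf '    X11Forwarding no\n'
}

# chroot_mode_ok OWNER_UID MODE_OCTAL
# sshd refuses a chroot unless every component of the path is owned by root
# and has neither the group- nor the other-write bit set (mode & 022 == 0).
# On GNU systems feed it with:  chroot_mode_ok $(stat -c '%u %a' "$dir")
chroot_mode_ok() {
    [ "$1" -eq 0 ] || return 1
    [ $(( 0$2 & 022 )) -eq 0 ]
}

# check_passwd_file FILE -> prints the sshd snippet for every valid line;
# the return value is the number of rejected or skipped lines (0 = clean).
check_passwd_file() {
    rejected=0
    echo "Subsystem sftp internal-sftp"
    while IFS= read -r line || [ -n "$line" ]; do
        if validate_passwd_line "$line"; then
            render_match "$user" "$home"
        else
            rejected=$((rejected + 1))
        fi
    done < "$1"
    return "$rejected"
}

# Constructed sample input (not the customer's file): the gist's two example
# users plus two lines that must never reach useradd.
sample_file=$(mktemp)
cat >"$sample_file" <<'EOF'
pt001:x:1101:1100:Some comment about this user pte:/dirhome/ptuserone:/bin/bash
pt002:x:1102:1100:Some comment about this user another user:/home/ptusertwo:/sbin/nologin
root:x:0:0:root:/root:/bin/bash
pt003:x:1103:1100:escapes the tree:/srv/sftp/../../etc:/sbin/nologin
EOF
if check_passwd_file "$sample_file"; then
    echo "all lines accepted"
else
    echo "rejected or skipped lines: $?"
fi
rm -f "$sample_file"
```

Run it against the real input file before the importer and fix whatever it rejects. After the importer has run, check each jail with `ls -ld` and `getfacl`: sshd looks only at the owner and the classic mode bits, and on Linux a directory carrying an extended ACL reports the ACL mask in its group bits, which `setfacl -m u:NAME:rwX` recalculates to rwx. If the group bits of the jail read `rwx`, sshd will log "bad ownership or modes for chroot directory" and refuse the login, so verify the mode the script leaves behind before restarting sshd.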