I have managed to set up froxlor with working FTP and SFTP in parallel.
My /etc/proftpd/sftp.conf:
<IfModule mod_sftp.c>
  <VirtualHost 0.0.0.0 fe80::1>
    SFTPEngine on
    SFTPLog /var/log/proftpd/sftp.log
    SFTPHostKey /etc/ssh/ssh_host_ecdsa_key
    SFTPHostKey /etc/ssh/ssh_host_rsa_key
    Port 2222
    AllowOverwrite on
    DefaultRoot /var/customers/webs
  </VirtualHost>
</IfModule>
My /etc/ssh/sshd_config contains:
# override default of no subsystems - changed by tg
# Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem sftp internal-sftp
Match User testkunde2
    ChrootDirectory /var/customers/webs
    ForceCommand internal-sftp
    AllowTCPForwarding no
    X11Forwarding no
This is working right now. User testkunde2 is jailed in /var/customers/webs.
But what I need is a multi-user solution.
Question 1: How could I express the Match expression for all froxlor users?
I've tried
Match Group www-data
    ChrootDirectory /var/customers/webs
    ForceCommand internal-sftp
    AllowTCPForwarding no
    X11Forwarding no
which doesn't match for some reason. As a result, the user is not jailed in any way and has read access to the root dir.
The user looks like:
getent passwd testkunde2
testkunde2:x:10001:10001:th gr:/var/customers/webs/testkunde2/:/bin/sh
Question 2: chroot only works if the dir is owned by root, but froxlor home dirs are owned by the user. How could this be managed?
This is a question about my personal understanding of froxlor / ssh / sftp. Froxlor home dirs are owned by its users. Is there any solution to integrate SFTP user jails for the home dirs of the users?
Thanks to all in advance!
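
Regarding Question 2, an added example that is not part of the original post: sshd accepts a ChrootDirectory only if every component of the path, from / down to the target, is a root-owned directory that is not writable by group or others. The Python check below reports which components fail; the function names, the SAMPLE table and its modes are constructed for illustration, and uid 10001 is taken from the getent line above.

```python
import os
import stat
import sys
from pathlib import PurePosixPath
from types import SimpleNamespace


def chroot_path_problems(path, stat_fn=os.stat):
    """List (component, reason) pairs that make sshd reject `path` as a
    ChrootDirectory. An empty list means the path passes the check."""
    target = PurePosixPath(path)
    problems = []
    # Walk "/", "/var", "/var/customers", ... down to the target itself.
    for comp in list(target.parents)[::-1] + [target]:
        st = stat_fn(str(comp))
        if not stat.S_ISDIR(st.st_mode):
            problems.append((str(comp), "not a directory"))
            continue
        if st.st_uid != 0:
            problems.append((str(comp), f"owned by uid {st.st_uid}, not root"))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append((str(comp), "writable by group or others"))
    return problems


def fake_stat(table):
    """Build a stat function from a {path: (uid, mode)} table (for testing)."""
    def stat_from_table(p):
        uid, mode = table[p]
        return SimpleNamespace(st_uid=uid, st_mode=stat.S_IFDIR | mode)
    return stat_from_table


# Constructed sample mirroring the layout in the post: the shared parent
# is root-owned, the customer home directory belongs to the customer.
SAMPLE = {
    "/": (0, 0o755),
    "/var": (0, 0o755),
    "/var/customers": (0, 0o755),
    "/var/customers/webs": (0, 0o755),
    "/var/customers/webs/testkunde2": (10001, 0o750),
}

if __name__ == "__main__":
    # With a path argument, check the real filesystem; otherwise the sample.
    if len(sys.argv) > 1:
        found = chroot_path_problems(sys.argv[1])
    else:
        found = chroot_path_problems("/var/customers/webs/testkunde2/",
                                     fake_stat(SAMPLE))
    for comp, reason in found:
        print(f"{comp}: {reason}")
```

On the sample, /var/customers/webs passes while the user-owned home directory is reported, which matches the behaviour described in Question 2.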