I have set up chroot in sshd_config in Red Hat. It works as expected.
When a user logs in, they end up in the chroot directory, not in their home directory. Why?
Example: chroot is set to /home/test. User bob logs in. In /etc/passwd, bob's home directory is /here. I expect bob to end up in /home/test/here (which does exist and is owned by bob). Instead, he ends up in /home/test.
According to the man page, after chroot runs, it sets the user's directory to the home directory. Chroot sets the root to /home/test. So, it SHOULD set home directory to /here. It doesn't and I can't find any message to give me a hint what the problem might be.
The changes to /etc/sshd_config are:
Match User bob
    ForceCommand internal-sftp
    PasswordAuthentication yes
    ChrootDirectory /home/test
    PermitTunnel no
    AllowAgentForwarding no
    AllowTcpForwarding no
    X11Forwarding no
In /etc/passwd, the relevant line is:
bob:x:1001:1001:SFTP Test:/here:/bin/bash
In case others have this issue, this is the problem...
When setting chroot in sshd_config for an sftp server, it is common to set the following in sshd_config:
ForceCommand internal-sftp
This is a good thing. It forces the user to run sftp instead of some form of shell that might possibly let them get access that you don't want them to have. That is the problem!
This is the order of things:
That last step was not being written to any debugging information. So, everyone working on this problem assumed that chroot was not changing to the home directory properly.
The solution is very simple: Tell sftp to use the home folder as the current working directory. For us, the home folder is /home/test/here, which is just /here after chroot. So, in sshd_config, I changed the force command line to:
ForceCommand internal-sftp -d /here
Now, it works as advertised.
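A small audit for the situation above, as an added example that is not part of the original post: it reads `Match User` blocks that combine ChrootDirectory with ForceCommand internal-sftp, reports whether a -d start directory is set, and resolves that directory to its path on the host. The alice block, the second passwd line and all function names are constructed for illustration; only literal `Match User` name lists are handled.

```python
import posixpath
import re
import shlex

# Constructed sample: bob's block as in the question, alice's with the -d fix.
SSHD_CONFIG = """\
Match User bob
    ForceCommand internal-sftp
    ChrootDirectory /home/test
Match User alice
    ForceCommand internal-sftp -d /here
    ChrootDirectory /home/test
"""
PASSWD = ("bob:x:1001:1001:SFTP Test:/here:/bin/bash\n"
          "alice:x:1002:1002:SFTP Test:/here:/bin/bash\n")

def expand(value, tokens):  # expand %-tokens; unknown tokens are left as they are
    return re.sub(r"%(.)", lambda m: tokens.get(m.group(1), m.group(0)), value)

def match_user_blocks(config):
    """Map user -> {lowercased keyword: value} for 'Match User a,b' blocks only."""
    blocks, users = {}, []
    lines = [l.strip() for l in config.splitlines()]
    for line in (l for l in lines if l and not l.startswith("#")):
        key, value = (line.split(None, 1) + [""])[:2]
        if key.lower() == "match":
            crit = value.split()
            users = crit[1].split(",") if len(crit) == 2 and crit[0].lower() == "user" else []
        for user in users:  # first value seen for a keyword wins, as in sshd
            blocks.setdefault(user, {}).setdefault(key.lower(), value.strip())
    return blocks

def audit(config, passwd):
    """Yield (user, -d start dir inside the chroot or None, its host path or None)."""
    homes = {f[0]: f[5] for f in (l.split(":") for l in passwd.splitlines() if l)}
    for user, opts in match_user_blocks(config).items():
        argv = shlex.split(opts.get("forcecommand", ""))
        if "chrootdirectory" not in opts or argv[:1] != ["internal-sftp"]:
            continue
        home = homes.get(user, "")
        chroot = expand(opts["chrootdirectory"], {"h": home, "u": user, "%": "%"})
        start = host = None  # None means no explicit -d start directory is set
        if "-d" in argv[:-1]:
            start = expand(argv[argv.index("-d") + 1], {"d": home, "u": user, "%": "%"})
            host = posixpath.normpath(chroot + "/" + start)
        yield (user, start, host)

for row in audit(SSHD_CONFIG, PASSWD):
    print(row)
```

A row whose second field is None marks a chrooted internal-sftp block without -d, which is the configuration the question describes.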