We have a user who can’t use FTPS because of corporate firewall but SSH is OK. I’ve done as follows:
Pretty much followed the guide here: https://linuxize.com/post/how-to-set-up-sftp-chroot-jail/
In sshd_config there was already a Subsystem directive:
Subsystem sftp /usr/lib/openssh/sftp-server
I changed this to:
Subsystem sftp internal-sftp
I used a bind mount to give the user access to their web site in the home directory.
There is an issue with permissions in the web site. I tried changing the group of the relevant part of the web site to sftponly (the suggested group name for chrooted SFTP users) but a sympl script changed this back to www-data.
The solution I’ve found for the moment is to add the upload user to the www-data group which isn’t ideal.
Will the above steps break anything in sympl?