Chroot sftp user

We have a user who can’t use FTPS because of corporate firewall but SSH is OK. I’ve done as follows:

Pretty much followed the guide here:

In sshd_config there was already a Subsystem directive:

Subsystem sftp /usr/lib/openssh/sftp-server

I changed this to:

Subsystem sftp internal-sftp

I used a bind mount to give the user access to their web site in the home directory.

There is an issue with permissions in the web site. I tried changing the group of the relevant part of the web site to sftponly (the suggested group name for chrooted SFTP users) but a sympl script changed this back to www-data.

The solution I’ve found for the moment is to add the upload user to the www-data group which isn’t ideal.

Will the above steps break anything in sympl?


Adding the user to the www-data group isn’t ideal, but there’s some level of support for the htdocs directory to be owned by other users/groups.

Check the documentation for the Filesystem permissions which should be able to help.

Many thanks I’ll try that.