This post was cut and paste from -
http://ubuntuforums.org/showthread.php?t=451510 - We intend to keep it updated here where we can continually edit it.
Install the scponly package in the server machine:
sudo apt-get install scponlyNormal SFTP - We are not really interested in this we want the jail below.
Change the shell of the user:
sudo chsh -s /usr/bin/scponly usernameTest it from the remote machine:
sftp username@serverChroot/Jail SFTP:Reconfigure the scponly package so that scponlyc (the chroot version) is activated:
sudo dpkg-reconfigure -plow scponlyAnswer "Yes" to the question in the reader.
Now setup your chroot user using the setup_chroot script included to do it. It can't be an existing user, and you do not create the user with adduser. The setup_chroot script will handle everything:
cd /usr/share/doc/scponly/setup_chroot
sudo gunzip setup_chroot.sh.gz
sudo chmod +x setup_chroot.sh
sudo ./setup_chroot.shThe default user this script creates is scponly, alter any of the defaults to your liking. Just answer each of the prompts.
To make the "incoming" (or whatever you chose) folder the default one for the uploads in the chroot/jail, edit the file /etc/passwd and change the home folder of the user(s), and add two slashes ("//") and the "incoming" directory name (in the following example, the "incoming" folder is named "default"):
sftpguest:x:1001:1001::/home/sftpguest//default:/usr/sbin/scponlycTo provide access to files that are outside the scponly homedir root jail, bind mount option should be handy.
As example, supose you have a dir /mnt/stuff and want to provide access to a chrooted scponly user.
mkdir /home/scponly/stuff
mount -o bind /mnt/stuff /home/scponly/stuffand to make this permanent, edit your /etc/fstab and add something like
/mnt/stuff /home/scponly/stuff none rw,bind 0 0change rw,bind to ro,bind to read only access.
