Good day! I ran into a problem yesterday that allowed a newly created account to navigate my entire CentOS server when connecting over the SFTP protocol. Here is a step-by-step guide to fix this major problem in CentOS/Webmin/Virtualmin.
- Create a new account in Virtualmin, e.g. mynewwebsite.com
After you have created the new account, you will have to set things up so that when this new account's user connects to your SFTP server (I use ProFTPD) they will not be able to navigate your entire server.
NOTE: You will have to create a new UserGroup : sftpusers
In Webmin, navigate to the section /Others/File Manager/. Once you are there, select the newly created account's directory:
/home/mynewwebsite
You will have to do 3 more steps:
- CHOWN the newly created directory to ROOT.
NOTE: Do not use recursive!
- Set the directory permissions to 0755.
- Run this command in a shell: # usermod -G sftpusers USERNAME
NOTE: This will add your newly created account to the sftpusers group!
After this, your newly created account will only have permission to navigate within the directory /home/mynewwebsite/ when connecting over SFTP.
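To confirm that all three conditions hold for an account, the checks can be scripted. This is an added example, not part of the original guide: the function names are hypothetical, and it assumes GNU stat as shipped on CentOS.

```shell
#!/bin/sh
# Added example: verify the conditions set up in the steps above.
# Function names are hypothetical; defaults (root, 755, sftpusers) come from the guide.

# check_jail_dir DIR [OWNER] [MODE]
# Succeeds only if DIR itself is owned by OWNER and has exactly MODE.
check_jail_dir() {
    dir=$1; want_owner=${2:-root}; want_mode=${3:-755}
    [ -d "$dir" ] || { echo "FAIL: $dir is not a directory"; return 1; }
    owner=$(stat -c '%U' "$dir")   # owner name of the top-level directory only
    mode=$(stat -c '%a' "$dir")    # octal permission bits, e.g. 755
    jail_rc=0
    [ "$owner" = "$want_owner" ] || {
        echo "FAIL: $dir is owned by $owner, expected $want_owner"; jail_rc=1; }
    [ "$mode" = "$want_mode" ] || {
        echo "FAIL: $dir has mode $mode, expected $want_mode"; jail_rc=1; }
    return $jail_rc
}

# check_group_member USER [GROUP]
# Succeeds only if USER exists and GROUP is among its groups.
check_group_member() {
    user=$1; group=${2:-sftpusers}
    id -nG "$user" 2>/dev/null | tr ' ' '\n' | grep -qx "$group" || {
        echo "FAIL: $user is not a member of $group"; return 1; }
}

# check_sftp_account USER HOMEDIR
# Runs both checks and reports every failure instead of stopping at the first.
check_sftp_account() {
    acct_rc=0
    check_jail_dir "$2" || acct_rc=1
    check_group_member "$1" || acct_rc=1
    [ "$acct_rc" -eq 0 ] && echo "OK: $1 is confined to $2"
    return $acct_rc
}

# Usage (run as root), with the guide's placeholder names:
#   check_sftp_account USERNAME /home/mynewwebsite
```

A FAIL on owner or mode means the CHOWN or 0755 step was missed or later undone; a FAIL on group means the usermod step did not take effect.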
Enjoy!