Configuring chroot with SFTP

  • 7025265
  • 31-Aug-2021
  • 31-Aug-2021

Environment

Open Enterprise Server 2018 (OES 2018) Linux Support Pack 3
Open Enterprise Server 2018 (OES 2018) Linux Support Pack 2
Open Enterprise Server 2018 (OES 2018) Linux Support Pack 1
Open Enterprise Server 2018 (OES 2018) Linux

Situation

Configuring chroot with SFTP

Resolution

1)  LUM-enable the user in iManager:  It is recommended to create a LUM group specifically for SFTP chroot users, such as sftpusers, so that the sshd Match rule in step 7 can be applied to that group.

2)  Set home directory:  Modify the user object and set the home directory on the Linux Profile tab (for example, /media/nss/VOL1/users/username).  Then run "namconfig cache_refresh".  You can use "namuserlist <username>" to verify the home directory.

3)  Assign NSS rights:  Add rights as needed on the home directory for the user.

4)  Set root as owner:  All directories in the path to the chroot directory need to be owned by root, because sshd refuses a ChrootDirectory whose path components have other owners.  This would include /media, /media/nss, /media/nss/VOL1, /media/nss/VOL1/users, and /media/nss/VOL1/users/username.  For each of these directories, run "chown root:root <directory>".

5)  Set POSIX permissions:  All directories in the path to the chroot directory must not have the POSIX write bit set for group or other.  For the Linux directories in the path, such as /media and /media/nss, this is set with "chmod 755 <directory>".  This is the default for these directories, but it will need to be set back if it was changed for any reason.  For the NSS directories in the path, this is set with "nss /posixpermissionmask=0755".  Run this at the command line to set it immediately.  Add /posixpermissionmask=0755 to /etc/opt/novell/nss/nssstart.cfg to make it persistent across reboots.

6)  LUM-enable SSH:  Run "yast2 novell-lum" and select sshd on the second screen and then select Next to complete the config.

7)  Add chroot setting:  In /etc/ssh/sshd_config add a Match block at the bottom of the file (directives that follow a Match line apply only to that match, so it must come after the global settings) to match the group and set the ChrootDirectory to the home directory, such as:

Match group sftpusers
        ChrootDirectory %h
        X11Forwarding no
        AllowTcpForwarding no
        PermitTTY no
        ForceCommand internal-sftp

8)  Restart sshd:  Run "systemctl restart sshd" to restart the service and enable the new config.
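The ownership and permission requirements in steps 4 and 5 are the ones most often missed, and when they are wrong sshd rejects the login with a "bad ownership or modes for chroot directory" error in the log.  The following shell function is an added example (not part of this TID or of OES) that walks from the chroot directory up to / and reports every component that is not owned by root or is writable by group or other, printing the fix from steps 4 and 5 for each.  It assumes GNU stat (as on OES Linux).  The optional second and third arguments (expected owner uid and the directory at which to stop) exist only so the check can be exercised on a constructed test tree; for a real chroot path, call it with the home directory alone so it checks all the way to /, exactly as sshd does.

```shell
#!/bin/sh
# Added example, not from the TID: verify that every directory on the path to
# an SFTP chroot directory meets sshd's ChrootDirectory requirements:
#   - owned by root (uid 0)
#   - not writable by group or other (mode & 022 == 0)
#
# Usage: check_chroot_path /media/nss/VOL1/users/username
#        check_chroot_path TARGET [EXPECTED_UID] [TOP]   (extra args for testing only)

check_chroot_path() {
    target=$1
    expect_uid=${2:-0}   # sshd requires root; a test harness may pass its own uid
    top=${3:-/}          # sshd checks every component up to /; other values are for testing
    status=0
    dir=$target
    while :; do
        # GNU stat: %u = numeric owner uid, %a = permission bits in octal
        info=$(stat -c '%u %a' "$dir" 2>/dev/null) || { echo "MISSING: $dir"; return 2; }
        uid=${info% *}
        mode=${info#* }
        if [ "$uid" -ne "$expect_uid" ]; then
            echo "BAD OWNER uid=$uid: $dir  (fix: chown root:root $dir)"
            status=1
        fi
        # Leading 0 makes the shell treat the stat output as octal; 022 = group+other write
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "BAD MODE $mode: $dir  (fix: chmod 755 $dir, or nss /posixpermissionmask=0755 on an NSS volume)"
            status=1
        fi
        [ "$dir" = "$top" ] && break
        [ "$dir" = "/" ] && break
        dir=$(dirname "$dir")
    done
    [ "$status" -eq 0 ] && echo "OK: $target and its parent directories satisfy the ChrootDirectory requirements"
    return $status
}
```

Run it after step 5 and again after any change to the NSS posixpermissionmask; a non-zero exit means at least one component still needs the chown or chmod from steps 4 and 5.  Note that a mode such as 2755 (setgid) passes, since only the group and other write bits matter here.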