Top Nav

Chrooted SFTP Users

Here’s the steps to create chrooted SFTP users.

1. Comment out the following line in /etc/ssh/sshd_config

2. Append the following in /etc/ssh/sshd_config

where USERNAME is the user and ChrootDirectory is the path that the user will be locked into. Add a new “Match User” stanza for each user that needs to be chrooted.  This allows each user to have a unique directory.

3. Restart SSH

4. Create the SFTP user group

5. Modify the user

SCP and SSH are not allowed with this setup but you could change the shell to allow them…

6. The highest directory in the chroot tree must be owned by user/group root


Revoke MySQL DROP Privilege On Plesk Database User

Had a request from client to add database user on a Plesk server but to remove the DROP DATABASE privilege so that they could not accidentally delete their database. By default, database users created through Plesk do have the DROP DATABASE privilege. Plesk does not currently allow fine-grained control over database privileges so the only way to implement this change is to modify the privileges directly from a MySQL command line. After some testing we found these command will have the desired effect:

Of course replace “testdb” and “testdbuser” with your actual database and username.


LFTP With GoDaddy

Trying to get my usual mirror script working with GoDaddy but it kept hanging with “Delaying before reconnect…”. Solution turned out to be adding:

to the options.  Thanks to unsigned_nerd for this one!



Percona XtraDB Upgrade With Yum Shell

Ran into dependency problems today trying to upgrade a Percona XtraDB server cluster. Yum shell to the rescue:

This way I can run the remove and installs as part of a single transaction.


Redirect HTTP to HTTPS on IIS

If you need to force HTTPS on the entire site then add the following to the web.config file:

If you want to force HTTPS on a specific URL, then use this instead: