SFTP user sees files in empty folder which should be empty

gresec-root

Hello,


I created a user:

useradd -m test

Set a new pw
passwd test

Stripped it to only allow SFTP and not the shell
usermod --shell /bin/false test

Created a group
groupadd sftpusers

Added the users to the group
usermod --gid sftpusers test

Edit the sshd config
nano /etc/ssh/sshd_config

Subsystem sftp internal-sftp

Match Group sftpusers
ChrootDirectory %h
X11Forwarding no
AllowTcpForwarding no
PermitTunnel no
AllowAgentForwarding no
ForceCommand internal-sftp

Change the home folder of the test user only to root:

sudo chown root:root -R /home/test
sudo chmod 755 -R /home/test



My problem: the test user can see the files .bash_logout, .bashrc, .mkshrc, .profile.
The users in the group should only be bound to the home folder, which worked because I set it in the sshd_config --> ChrootDirectory %h
In the home directory the users should only read files, which also works, and only see the home folder.

I'm not sure why the users see these files?




Have you tried using 722 (write only)? 755 would be read and write.


The folder permission is drwxr-xr-x for /home/test.
Logged in as the SFTP user test, it's -rw-r--r--- for a new file in the test folder.

The SFTP user test can access this folder because the permission for other is set to R.
If I strip that permission and set it to 722, I can't access the folder.

If I gave the whole group the read permission, the whole group can access the files.

My goal is that many SFTP users can only read files in the home folder and no one else.
For example, SFTP user test has /home/test, and files in the test folder can only be read by the user test. Root must have access to it all. I'm pretty sure now that I can't set a custom ChrootDirectory like /home/test, but how will that work for 50 users?
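
Added example, not part of the thread: `useradd -m` populates a new home from /etc/skel, which is the usual source of dotfiles such as the ones listed in the first post, and sshd accepts a ChrootDirectory only when every component of the path is a root-owned directory that is not writable by group or others. The script below audits a directory for both; the function names and the optional uid argument (so the check can be tried on a scratch directory as a non-root user) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Run as: sh audit.sh /home/test

# dir_ok DIR [UID]: succeed if DIR is a directory owned by UID (default 0,
# root) and not writable by group or others, as sshd requires of a chroot.
dir_ok() {
    [ -d "$1" ] || { echo "$1: not a directory"; return 1; }
    # ls -ldn fields: mode string, link count, numeric owner uid, ...
    set -- "$1" "${2:-0}" $(ls -ldn -- "$1")
    [ "$5" = "$2" ] || { echo "$1: owner uid $5, expected $2"; return 1; }
    case $3 in
        ?????w*|????????w*) echo "$1: group/other writable ($3)"; return 1 ;;
    esac
    return 0
}

# path_ok DIR [UID]: apply dir_ok to DIR and to every parent up to /,
# because sshd checks all components of the ChrootDirectory pathname.
path_ok() {
    p=$(cd "$1" 2>/dev/null && pwd -P) || { echo "$1: cannot resolve"; return 1; }
    while :; do
        dir_ok "$p" "${2:-0}" || return 1
        if [ "$p" = / ]; then return 0; fi
        p=$(dirname "$p")
    done
}

# skel_leftovers DIR: print the dotfiles at the top level of DIR, such as
# the /etc/skel copies that `useradd -m` places in a new home directory.
skel_leftovers() {
    for f in "$1"/.[!.]*; do
        if [ -e "$f" ]; then basename "$f"; fi
    done
    return 0
}

# Audit the directory named on the command line, if one was given.
if [ $# -gt 0 ]; then
    path_ok "$1" && echo "$1: acceptable as ChrootDirectory"
    skel_leftovers "$1"
fi
```

Any name printed by `skel_leftovers` is a file the chrooted user can list, and with mode 755 applied recursively, also read.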
 