[Gllug] SFTP and chroot
Jason Clifford
jason at ukpost.com
Mon Apr 11 09:51:05 UTC 2005
On Sun, 10 Apr 2005, Simon Morris wrote:
> I have a server that is hosted remotely and I would like to provide
> sftp access for some other users.
>
> Google tells me I can restrict these people to sftp only (i.e. no
> login environment or bash shell) by adding /usr/lib/sftp-server to
> /etc/shells and setting that as the user's default shell.
>
> I haven't tested this bit yet - is it the most effective way to
> restrict a user to sftp access only?
>
> Also Google tells me there is no way to chroot users to their home
> directory over SSH without patching and rebuilding sshd.... is that
> also true?

No, it is not true.

The solution I am using for this is to use rssh as the user's shell and
have that configured to restrict the user to the appropriate services.

As I'm doing this for a lot of users, I chroot them to a common base
directory, but as permissions are set to 705 and they are all in a common
primary group, that's secure enough.

Jason Clifford
--
UKFSN.ORG Finance Free Software while you surf the 'net
http://www.ukfsn.org/ ADSL Broadband from just £15.99 / month
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
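
The 705-plus-common-group layout described in the reply works because POSIX consults exactly one permission class per access. This is an added example, not part of the original post: it models that rule and audits a base directory for homes that deviate from it. The uids, gids and directory names are constructed for illustration.

```python
import os
import stat
import tempfile


def effective_access(mode, owner_uid, owner_gid, uid, gids):
    """Permission bits (0-7) a non-root process gets on a file or directory.

    POSIX consults exactly one class: owner, else group, else other.
    A member of the file's group never falls through to the 'other' bits.
    """
    if uid == owner_uid:
        return (mode >> 6) & 7
    if owner_gid in gids:
        return (mode >> 3) & 7
    return mode & 7


def audit_homes(base, shared_gid, expected_mode=0o705):
    """Return (name, reason) for each directory under base that breaks the layout."""
    problems = []
    for entry in sorted(os.scandir(base), key=lambda e: e.name):
        if not entry.is_dir(follow_symlinks=False):
            continue
        st = entry.stat(follow_symlinks=False)
        mode = stat.S_IMODE(st.st_mode)
        if mode != expected_mode:
            problems.append((entry.name, f"mode {mode:04o}, expected {expected_mode:04o}"))
        if st.st_gid != shared_gid:
            problems.append((entry.name, f"gid {st.st_gid}, expected {shared_gid}"))
    return problems


def demo():
    """Build a constructed chroot base with one good and one loose home directory."""
    with tempfile.TemporaryDirectory() as base:
        for name, mode in (("alice", 0o705), ("bob", 0o755)):
            path = os.path.join(base, name)
            os.mkdir(path)
            os.chmod(path, mode)
        shared_gid = os.stat(os.path.join(base, "alice")).st_gid
        return audit_homes(base, shared_gid)


if __name__ == "__main__":
    # Constructed ids: owner uid 1001, shared gid 500, peer uid 1002, outsider uid 33.
    print("peer:", effective_access(0o705, 1001, 500, 1002, {500}))      # 0
    print("outsider:", effective_access(0o705, 1001, 500, 33, {33}))     # 5
    print(demo())
```

A peer in the shared group gets no access to another user's home, while an account outside the group still gets read and traverse. The isolation therefore depends on every chrooted user actually being a member of that group.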