Defining root directory for sftp-server logins


From proftpd I'm used to the option "DefaultRoot" which I can set to
"~". That way, a user cannot escape his home directory (e.g. get a
listing of all users in /home). Of course the permissions are set
correctly on our servers, so user u1234 cannot get files of the user
u4321. But we like to have a situation, where user u1234 just sees the
directory "/" which is in fact /home/u1234, but for him, it is the root
directory of the sftp session.

How can I do this with sftp-server?


Re: Defining root directory for sftp-server logins


This is non-trivial. You need to implement chroot cages, and they're
deliberately *not* in the OpenSSH code base despite years of people
asking for it and numerous authors or publishers of tools to do it
(including me). This is not the chroot listed in OpenSSH's sshd_config
file! That's an entirely separate bit of ssh daemon behavior, which
while exciting for security reasons had nothing to do with user chroot
cages, and frankly destabilized a lot of setups before it matured.

Frankly, if all you want is upload and download space instead of shell
access, pursue WebDAV over HTTPS, which has all that functionality
built-in, runs on standard Apache, is vastly more configurable, and is
supported by Windows Network Neighborhood automatically without having
to install anything. It's also supported by various Java GUIs,
Konqueror, and lftp for the Linux and UNIX world or MacOS.
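
What a chroot cage of the kind discussed above has to get right, as an added example that is not part of the original thread and is not OpenSSH code: the cage directory must be one the caged user cannot rewrite, and the process must enter the cage and drop root in a fixed order. The function names and the trusted_uid/stop_at parameters are hypothetical; enter_jail must be run as root.

```python
import os
import stat


def jail_path_problems(jail, trusted_uid=0, stop_at="/"):
    """Return a list of reasons why `jail` is unsafe as a chroot directory.

    Every component from `stop_at` down to `jail` must be a real directory
    owned by `trusted_uid` and not writable by group or others; otherwise the
    caged user could replace or rearrange what the cage contains.
    """
    jail = os.path.abspath(jail)
    stop_at = os.path.abspath(stop_at)
    problems = []
    current = jail
    while True:
        st = os.lstat(current)  # lstat: do not follow a symlinked component
        if not stat.S_ISDIR(st.st_mode):
            problems.append(f"{current}: not a real directory")
        if st.st_uid != trusted_uid:
            problems.append(f"{current}: owned by uid {st.st_uid}")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append(f"{current}: writable by group or others")
        if current == stop_at or current == os.path.dirname(current):
            break
        current = os.path.dirname(current)
    return problems


def enter_jail(jail, uid, gid):
    """Confine the calling process to `jail`, then drop root. Needs root."""
    problems = jail_path_problems(jail)
    if problems:
        raise PermissionError("; ".join(problems))
    os.chroot(jail)
    os.chdir("/")      # otherwise the old working directory stays reachable
    os.setgroups([])   # drop supplementary groups while still root
    os.setgid(gid)     # group first: after setuid() it can no longer change
    os.setuid(uid)
    if os.getuid() == 0 or os.geteuid() == 0:
        raise RuntimeError("still root inside the cage")
```

With this layout a user such as u1234 gets a cage directory owned by root and a writable subdirectory inside it for uploads, since the cage root itself must not be writable by the caged user.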
