Re: using OpenSSH/SFTP to replace an FTP server securely

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On 19/05/14 03:31, IMAP List Administration wrote:
Hello Folks,

(...)
if I chroot all users to the same top directory, for example "/home",
which would solve the problem of avoiding hundreds of syslog logging sockets, I
have found no method of having OpenSSH chdir into a user-specific subdirectory
(I would be willing to rely on the standard UNIX security model to restrict
users' access to their own directories).

Have I missed something, or is what I'm trying to achieve simply not possible
using OpenSSH?

Suppose the user home is /home/foo, then if that path exists inside your chroot (eg. /chrooted-users/home/foo) then the user will be landed inside that folder
(writable for him).


If you want something different, like chrooting them at /chrooted-users/foo, you
can use -d parameter in the ForceCommand, ie.
 ForceCommand internal-sftp -d /%u


Regards

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux