On Tue, May 20, 2014 at 3:32 AM, Damien Miller <djm@xxxxxxxxxxx> wrote:
> On Mon, 19 May 2014, Ángel González wrote:
>
>> If you want something different, like chrooting them at /chrooted-users/foo, you
>> can use -d parameter in the ForceCommand, ie.
>> ForceCommand internal-sftp -d /%u
>
> If you're willing to live with a single chroot directory and file
> permissions to keep users from each others' files then this is a great
> solution. It only requires a single /chrooted-users/dev/log listener
> too.
>
> -d

The necessity for additional arcanery, of having non-user owned contents inside each working chrooted directory, and this kind of "make one chroot, but rely on the users to correctly set permissions and block access to each other's content, even though they can see each other's directories by default" is exactly why the sftp chroot setup is not ideal.

If you *must* do this sort of thing, I'd urge running it on a separate sshd, with a separate sshd_config, running on another port, just to keep it away from your SSH logins for other users and other uses.

If you're not compelled for other reasons to use this, vsftpd with FTPS is a *lot* easier to set up.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
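
An added example, not part of the original message or of OpenSSH: a Python audit of the shared-chroot layout discussed in the thread. It checks that the chroot directory is root-owned and not group/other writable, and that each per-user directory under it (the `-d /%u` target) grants nothing to group or others. The function name, the `root_uid` parameter and the sample layout are assumptions made for illustration.

```python
import os
import stat
import tempfile


def audit_shared_chroot(chroot, root_uid=0):
    """Return a list of findings for a shared chroot such as /chrooted-users.

    root_uid is a parameter (an assumption of this example) so the check can
    be exercised without root; sshd itself requires uid 0. sshd also checks
    every parent component of the path; this example checks only the chroot.
    """
    st = os.lstat(chroot)
    if not stat.S_ISDIR(st.st_mode):
        return [f"{chroot}: not a directory"]
    findings = []
    # sshd refuses a ChrootDirectory that is not root-owned or that is
    # writable by group or others.
    if st.st_uid != root_uid:
        findings.append(f"{chroot}: owner uid {st.st_uid}, expected {root_uid}")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"{chroot}: group/other writable")
    # Inside one shared chroot, file permissions are the only barrier between
    # users, so flag any per-user directory with group/other bits set.
    for entry in sorted(os.scandir(chroot), key=lambda e: e.name):
        est = entry.stat(follow_symlinks=False)
        if not stat.S_ISDIR(est.st_mode) or entry.name == "dev":
            continue  # "dev" holds the /dev/log socket mentioned in the thread
        mode = stat.S_IMODE(est.st_mode)
        if mode & 0o077:
            findings.append(f"{entry.path}: mode {mode:04o} lets other users in")
    return findings


if __name__ == "__main__":
    # Constructed sample layout: alice is private, bob is world-readable.
    top = tempfile.mkdtemp()
    os.chmod(top, 0o755)
    for name, mode in (("alice", 0o700), ("bob", 0o755), ("dev", 0o755)):
        path = os.path.join(top, name)
        os.mkdir(path)
        os.chmod(path, mode)
    for finding in audit_shared_chroot(top, root_uid=os.getuid()):
        print(finding)
```

On a real host, call it with the default `root_uid=0` against the configured chroot directory.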