On Sat, Nov 11, 2023 at 7:16 PM Bob Proulx <bob@xxxxxxxxxx> wrote: > > I am supporting a site that allows members to upload release files. I > have inherited this site which was previously existing. The goal is > to allow members to file transfer to and from their project area for > release distribution but not to allow general shell access and not to > allow access to other parts of the system. The simplest answer is "don't bother". Switch to FTPS, which is supported with quite simple tools like vsftpd and is vastly simpler to entirely segregate user spaces for. If you have a compelling need to support scp and/or rsync, you can look at the old "rssh" tools, I used to publish RHEL wrappers for that at https://github.com/nkadel/rssh-chroot-tools , but stopped maintaining my copy years ago. They're far more burdensome, and maintaining the SFTP based "only see the upload or download folder" configs is a lot more work, than simply using vsftpd and FTPS. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
