Re: locking down sftp directory

From: Thomas Samson <thomas.samson@xxxxxxxxx>
Date: Sat, 23 Sep 2006 06:41:21 +0200

"tilopa" <wgilgallon@xxxxxxxxx> writes:

I just installed and configured Cygwin SSH on a Windows2003 DC. We want
to have external clients be able to sftp into this server and be able
to upload and download files from a single particular directory. But
when I test this functionality I can connect to the server and am
dumped into the correct dirctory but I can then uplevel to the cygwin
root directory and have access to everything there. I have searched
quite a bit for a solution and have found nothing, except for
references to chroot which apparently can only be configured on a pure
unix machine. It is puzzleing to me that more businesses would not need
this functionality, and what is the point of secure ftp if you cannot
lock your users into there home directory. Does anyone know of a better
free solution?

Well ... is this functionnality really important to you ?
Files have permissions, so you can limit the users rights. I suppose you
can just modify the read, write and execution right on the various place
where you don't want access (and maybe use a different group for remote
users).

The point of secure ftp is to do secure authenticated file transmission,
not to limit users ... the os handle users and the limits (and cygwin
can handle some kind of limitations, but I would not trust such thing).

And most businesses just setup a unix/linux box to do this kind of
things (that is for the category 'better free solution')

--
Thomas Samson
Computers are like air conditioners. Both stop working, if you open
windows.
-- Adam Heath
.

Follow-Ups:
- Re: locking down sftp directory
  - From: tilopa

References:
- locking down sftp directory
  - From: tilopa

Prev by Date: Re: locking down sftp directory
Next by Date: Bringing ssh connections back to life after hibernation
Previous by thread: Re: locking down sftp directory
Next by thread: Re: locking down sftp directory
Index(es):
- Date
- Thread

Relevant Pages

locking down sftp directory
... I just installed and configured Cygwin SSH on a Windows2003 DC. ... to have external clients be able to sftp into this server and be able ... this functionality, and what is the point of secure ftp if you cannot ...
(comp.security.ssh)
Re: Good alternative to BT2700HGV
... The functionality seems excellent but I'm ... Netgear support it only currently supports Multi-nat if you use the ... ethernet WAN port and not the internal ADSL modem. ... RDP open on one server, PPTP and SMTP on another, and some SAP ...
(uk.telecom.broadband)
Re: Good alternative to BT2700HGV
... I have a multi IP business package from BT and have been using the ... The functionality seems excellent but I'm ... ethernet WAN port and not the internal ADSL modem. ... RDP open on one server, PPTP and SMTP on another, and some SAP ...
(uk.telecom.broadband)
Re: Architectural feedback
... > bank branches absolutely must be able to function with a failed server (or ... This means a lot of functionality is duplicated on ... >> core app must reside on the client or may be run from the server. ...
(microsoft.public.dotnet.general)
RE: Are you truly a M$ desktop alternative?
... to run a kickarse Microsft 2K3 server Terminal Server, ... This email is going to any Linux house whom has pitched themselves via ... integration and functionality? ... The cost difference is obvious. ...
(freebsd-questions)