Re: Defining root directory for sftp-server logins
- From: Nico <nkadel@xxxxxxxxx>
- Date: 17 May 2007 16:16:13 -0700
On 14 May, 19:40, Marten Lehmann <lehmannmap...@xxxxxx> wrote:
> Hello,
> from proftpd I'm used to the option "DefaultRoot" which I can set to
> "~". That way, a user cannot escape his home directory (e.g. get a
> listing of all users in /home). Of course the permissions are set
> correctly on our servers, so user u1234 cannot get files of the user
> u4321. But we like to have a situation, where user u1234 just sees the
> directory "/" which is in fact /home/u1234, but for him, it is the root
> directory of the sftp session.
> How can I do this with sftp-server?
This is non-trivial. You need to implement chroot cages, and they're
deliberately *not* in the OpenSSH code base despite years of people
asking for it and numerous authors or publishers of tools to do it
(including me). This is not the chroot listed in OpenSSH's sshd_config
file! That's an entirely separate bit of ssh daemon behavior, which,
while exciting for security reasons, had nothing to do with user chroot
cages, and frankly destabilized a lot of setups before it matured.
Frankly, if all you want is upload and download space instead of shell
access, pursue WebDAV over HTTPS, which has all that functionality
built-in, runs on standard Apache, is vastly more configurable, and is
supported by Windows Network Neighborhood automatically without having
to install anything. It's also supported by various Java GUIs,
Konqueror, and lftp for the Linux and UNIX world or MacOS.