Re: changing the root directory for sftp users
- From: Nico Kadel-Garcia <nkadel@xxxxxxxxx>
- Date: Mon, 17 Jan 2011 16:18:59 -0800 (PST)
On Jan 17, 2:34 am, yawnmoth <terra1...@xxxxxxxxx> wrote:
Say I have a user with SFTP access to /home/user01/. If they go to /
home/user01/../../home/user02/ they can see the contents of user02's
directory. What I'd like to do is to make it so they can't traverse
up from /home/user01/ - so that, when they logon, via SFTP, /home/
user01/ appears to them as /.
Any ideas as to how this might be done?
Don't bother. SFTP is useful, but its chroot behavior is very painful
to work with. It's *REALLY* OpenSSH has never worked well for
providing restricted directory access for individual users,
effectively chroot cages. (I used to publish patches for the this,
years back: they were never accepted.)
SFTP for anything other than casueal file transfer access has other
issues. The APO for time display is really not thorougly specced out,
so regional settings in clients and servers can cause significant
confusion. (I ran headlong into this last year.)
For restricted file access, consider FTPS or WebDAV over HTTPS. I've
had very good success with WebDAV over HTTPS, which is built right
into many web clients, including lftp for Linux users, and Network
Neighborhood for Windows users.
.
- Follow-Ups:
- References:
- changing the root directory for sftp users
- From: yawnmoth
- changing the root directory for sftp users
- Prev by Date: Re: Limit ssh connections
- Next by Date: putty dynamic port forwarding
- Previous by thread: changing the root directory for sftp users
- Next by thread: Re: changing the root directory for sftp users
- Index(es):
Relevant Pages
|
