Re: changing the root directory for sftp users



On Jan 17, 2:34 am, yawnmoth <terra1...@xxxxxxxxx> wrote:
Say I have a user with SFTP access to /home/user01/.  If they go to /
home/user01/../../home/user02/ they can see the contents of user02's
directory.  What I'd like to do is to make it so they can't traverse
up from /home/user01/ - so that, when they logon, via SFTP, /home/
user01/ appears to them as /.

Any ideas as to how this might be done?

Don't bother. SFTP is useful, but its chroot behavior is very painful
to work with. It's *REALLY* OpenSSH has never worked well for
providing restricted directory access for individual users,
effectively chroot cages. (I used to publish patches for the this,
years back: they were never accepted.)

SFTP for anything other than casueal file transfer access has other
issues. The APO for time display is really not thorougly specced out,
so regional settings in clients and servers can cause significant
confusion. (I ran headlong into this last year.)

For restricted file access, consider FTPS or WebDAV over HTTPS. I've
had very good success with WebDAV over HTTPS, which is built right
into many web clients, including lftp for Linux users, and Network
Neighborhood for Windows users.
.



Relevant Pages

  • Re: Alternative to attachments - Briefcase or X-Drive Software?
    ... A WebDAV site is a simple Website with WebDav ... > I'm looking for an alternative to file attachments that people do in ... > lot of file extensions. ... > be able to upload files through an HTTPS ...
    (microsoft.public.exchange2000.general)
  • Re: ssh transfert log "Urgent"
    ... > Is it possible to log all transfert "File name, size, duration" in a ... it's built on top of some rather old and simple file-transfer techniques. ... Why not consider using HTTPS and, say, WebDAV over HTTPS for uploads? ...
    (comp.security.ssh)
  • Re: XP WebDav Mapped Drives
    ... We are trying to migrate a lot of our hosted clients to RPC/HTTP and Webdav rather than VPN's, and im looking to make some simple scripts/apps that can perform the required registry changes on Vista whilst still being very simple to use. ... Vista supports https with net use, and XP supports https in the shell which is how I used https hosted webdav sites back when I was on XP. ... "Matabra" wrote in message ...
    (microsoft.public.windows.server.sbs)
  • Re: Simple DAV server?
    ... I am *so* close to having a WebDAV solution. ... it all broke in MS Windows. ... in Windows Explorer. ... If I make it with HTTPS, ...
    (comp.lang.python)