Restricted SFTP
Damien Miller
djm at mindrot.org
Fri Mar 23 15:50:35 EST 2001
On Fri, 23 Mar 2001, Andrew Bartlett wrote:
> As I have mentioned earlier on this list, I want to allow (relitivly)
> untrusted local users to SFTP to my server, as a secure method of remote
> file access.
>
> What I would like to do is to keep users within their home directory. I
> don't mind that it follows symlinks (if fact its probably a
> requirement), but some basic restriction on what users can see/access
> would be handy.
>
> The check I would propose would simply be 'all files/direcories served
> must start with /home/username'.
>
> Is this at all possible?
Not at present (presuming you don't modify sftp-server yourself).
A chroot capability is planned for the future, but has not been implemented
yet.
-d
--
| Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's
| http://www.mindrot.org / distributed filesystem'' - Dan Geer
More information about the openssh-unix-dev
mailing list