Restricted SFTP

Damien Miller djm at
Fri Mar 23 15:50:35 EST 2001

On Fri, 23 Mar 2001, Andrew Bartlett wrote:

> As I have mentioned earlier on this list, I want to allow (relitivly)
> untrusted local users to SFTP to my server, as a secure method of remote
> file access.
> What I would like to do is to keep users within their home directory.  I
> don't mind that it follows symlinks (if fact its probably a
> requirement), but some basic restriction on what users can see/access
> would be handy.
> The check I would propose would simply be 'all files/direcories served
> must start with /home/username'.
> Is this at all possible?

Not at present (presuming you don't modify sftp-server yourself).
A chroot capability is planned for the future, but has not been implemented


| Damien Miller <djm at> \ ``E-mail attachments are the poor man's
|          /   distributed filesystem'' - Dan Geer

More information about the openssh-unix-dev mailing list