[PATCH] sftp-server Restricted Access

Julien Demoor openssh at jdemoor.com
Sun Jun 25 05:10:33 EST 2006


This patch makes it possible to restrict sftp sessions to a certain
subtree of the file system on a per-Unix account basis. It requires a
program such as rssh or scponly to function. A patch for rssh is also
attached to this email.
The method employed uses realpath() and a string comparison to check
that each file or directory access is allowed.
With this patch, sftp-server takes a command-line argument to indicate
the directory to which the user will be restricted. Without this
argument, the patch has no noticeable effect. Rssh execv()s sftp-server
with this argument if rssh.conf tells it to.

Please note that this patch is written for the portable distribution of
OpenSSH 4.3.

Your comments will be appreciated.

Best regards,

Julien Demoor

-------------- next part --------------
A non-text attachment was scrubbed...
Name: rssh-restricted-patch-1.0.tar.gz
Type: application/gzip
Size: 3356 bytes
Desc: not available
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20060624/e5a21fbd/attachment.bin 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sftp-restricted-patch-1.0.tar.gz
Type: application/gzip
Size: 4102 bytes
Desc: not available
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20060624/e5a21fbd/attachment-0001.bin 
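
The check described in the message (realpath() followed by a string comparison), written out as an added example. This is not the attached patch and not OpenSSH code. The names prefix_ok and path_within and the sample paths are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <libgen.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

/* String comparison on two already-canonical absolute paths.
 * A bare strncmp() would accept "/home/bobby" for root "/home/bob",
 * so the byte after the prefix must be '/' or the end of the string. */
int prefix_ok(const char *root, const char *resolved)
{
    size_t n = strlen(root);

    if (n == 1 && root[0] == '/')        /* root "/" contains everything */
        return resolved[0] == '/';
    if (strncmp(resolved, root, n) != 0)
        return 0;
    return resolved[n] == '\0' || resolved[n] == '/';
}

/* 1 = inside root, 0 = outside, -1 = cannot be resolved (treat as deny).
 * realpath() fails on a missing leaf, so for a file about to be created
 * the parent directory is resolved instead. */
int path_within(const char *root, const char *path)
{
    char rroot[PATH_MAX], rpath[PATH_MAX], tmp[PATH_MAX];
    struct stat st;

    if (realpath(root, rroot) == NULL)
        return -1;
    if (realpath(path, rpath) == NULL) {
        if (errno != ENOENT || strlen(path) >= sizeof(tmp))
            return -1;
        if (lstat(path, &st) == 0)       /* leaf exists: dangling symlink */
            return -1;
        strcpy(tmp, path);               /* dirname() may modify its input */
        if (realpath(dirname(tmp), rpath) == NULL)
            return -1;
    }
    return prefix_ok(rroot, rpath);
}

int main(void)
{   /* Constructed sample paths; compared as strings, no file access. */
    printf("%d %d\n", prefix_ok("/home/bob", "/home/bob/up/a.txt"),
           prefix_ok("/home/bob", "/home/bobby/a.txt"));
    return 0;
}
```

The check and the later open() are separate steps, so the result only holds if the path cannot be changed in between.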
