[PATCH] sftp-server Restricted Access

Damien Miller djm at mindrot.org
Sun Jun 25 09:54:54 EST 2006


Julien Demoor wrote:
> Hello,
> 
> This patch makes it possible to restrict sftp sessions to a certain
> subtree of the file system on a per-Unix account basis. 

There has been a similar patch in bugzilla for a while:

http://bugzilla.mindrot.org/attachment.cgi?id=586

I'm looking at adding the ability to specify commandline arguments to
SubSystem declarations in sshd_config, but it is a little fiddly as any
change has to gracefully cope with forced commands in authorized_keys
files as well as the fairly common practice of making sftp-only accounts
by making sftp-server the user's login shell.

It will be easier when Darren's "Match" stuff is done, because we can
reuse it to do forced-commands in sshd_config.

-d



