chroot'd SFTP

Darren Tucker dtucker at
Sun Jul 29 13:28:11 EST 2007

Peter Stuge wrote:
> On Sun, Jul 29, 2007 at 12:46:13AM +0300, Richard Storm wrote:
>> /etc/ssh/sshd_config:
>> Match user share
>>       X11Forwarding no
>>       AllowTCPForwarding no
>>       ForceCommand /usr/libexec/sftp-server -C %d
>> pkill sshd; /usr/sbin/sshd
>> and done :)
> Couldn't one just use a wrapper script doing the equivalent of the
> patch and then exec:ing sftp-server ?

You could, but if you do the chroot before exec'ing sftp-server then you 
would need to put all of the libraries used by sftp-server (and /dev 
entries, and whatever else it wants at startup) inside each chroot.

Darren Tucker (dtucker at
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
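
An added illustration of the point in the reply above (not code from this thread or from OpenSSH): with a wrapper that chroots before exec'ing sftp-server, every file the dynamic loader needs must already exist under the chroot, and this script reports which ones a given directory lacks. The `ldd` sample is constructed, treating `/dev/null` as the required /dev entry is an assumption, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: what a chroot-then-exec wrapper needs inside the jail.

# Constructed sample of `ldd` output (illustrative names and addresses,
# not captured from a real sftp-server build).
SAMPLE_LDD='	linux-vdso.so.1 (0x00007ffd5a5f2000)
	libcrypto.so.3 => /lib/x86_64-linux-gnu/libcrypto.so.3 (0x00007f1c2a000000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1c29c00000)
	/lib64/ld-linux-x86-64.so.2 (0x00007f1c2a6d1000)'

# ldd_paths: read ldd output on stdin, print each on-disk path once.
# Handles "name => /path (addr)" and the bare "/path (addr)" loader line;
# the vdso and "not found" entries have no path and are skipped.
ldd_paths() {
    awk '
        $2 == "=>" && $3 ~ /^\// { print $3; next }
        $1 ~ /^\//               { print $1 }
    ' | LC_ALL=C sort -u
}

# missing_in_chroot JAIL: read absolute paths on stdin, print those that
# do not exist under JAIL. Empty output means nothing is missing.
missing_in_chroot() {
    jail=$1
    while IFS= read -r path; do
        [ -e "$jail$path" ] || printf '%s\n' "$path"
    done
}

# jail_report JAIL BINARY: ldd output for BINARY on stdin. Checks the binary
# itself, /dev/null (assumed to be the /dev entry it wants), and every library.
jail_report() {
    jail=$1 binary=$2
    { printf '%s\n/dev/null\n' "$binary"; ldd_paths; } | missing_in_chroot "$jail"
}

# Demo: against an empty directory, every required file is reported missing.
demo_jail=$(mktemp -d)
printf '%s\n' "$SAMPLE_LDD" | jail_report "$demo_jail" /usr/libexec/sftp-server
rmdir "$demo_jail"
```

On a real host the input would come from `ldd /usr/libexec/sftp-server`, and the check would be repeated for each user's chroot directory.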

More information about the openssh-unix-dev mailing list