Disabling specific commands in sftp

Peter Stuge peter at stuge.se
Sun Feb 12 06:02:22 AEDT 2017


Alexandre MALDEME wrote:
> On CentOS 7 I’m trying to set up a chrooted SFTP server on which
> specific users can only read and write on specific folder.

I don't know if your CentOS 7 constraint is helpful for you, but sshd
has a ChrootDirectory configuration option and if you use
internal-sftp for the sftp subsystem you do not need any special
files in the chroot.


> And I’d like to disable some commands, so the users can only do
> ‘cd’, ‘ls’, ‘get’ and ‘put’ (and disabling ‘chgrp’, ‘chmod’,
> ‘chown’, ‘df’ etc …).

As for arbitrarily disabling commands, that may well need patching,
because the OpenSSH sftp server does not really have any (policy)
configuration. I for one like that.


//Peter
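
The ChrootDirectory and internal-sftp setup described in the reply above, as an added sshd_config example that is not part of the original message. The group name `sftponly`, the path `/srv/sftp` and the `upload` subdirectory are assumptions chosen for illustration.

```conf
# /etc/ssh/sshd_config (fragment) -- added example, not from the original post.

# Serve SFTP from inside sshd itself. Because no external sftp-server binary
# is executed, the chroot needs no binaries, shared libraries or device nodes.
Subsystem sftp internal-sftp

# "sftponly" is a hypothetical group holding the restricted accounts.
Match Group sftponly
    # %u expands to the user name; /srv/sftp is an assumed location.
    # Every component of this path must be a root-owned directory that is
    # not writable by any other user or group, otherwise sshd refuses the
    # session. The user therefore cannot write to the chroot root itself:
    # create a user-owned subdirectory inside it (assumed here to be
    # /srv/sftp/<user>/upload) for the files they are allowed to change.
    ChrootDirectory /srv/sftp/%u

    # Ignore whatever command the client requests and run only the
    # in-process SFTP server, so the account has no shell access.
    ForceCommand internal-sftp

    # Close the other channels an SFTP-only account has no use for.
    AllowTcpForwarding no
    X11Forwarding no
```

Running `sshd -t` checks the configuration file for errors before the daemon is reloaded.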


More information about the openssh-unix-dev mailing list