sftp-server: add a chroot option
Jochen Bern
Jochen.Bern at binect.de
Thu Feb 26 20:27:09 AEDT 2026
Am 25.02.26 um 12:31 schrieb Eloi Benoist-Vanderbeken:
> [...] I would like to add an option to chroot the sftp-server.
> I am well aware that I could use ChrootDirectory with internal-sftp
> but that doesn't work for me. [...]
If I understand correctly, you have to create a "fully equipped" chroot
tree (with copies of all used libraries, $CHROOT/etc/passwd and
$CHROOT/etc/group for proper "ls -l" output, maybe a $CHROOT/dev/log
with the syslogd doing an extra LISTEN on it so as to have working
logging, yadda yadda), anyway. If so, wouldn't wrapping the (unchanged)
sftp-server executable/process with the OS' chroot(1) command do the
trick already?
Kind regards,
--
Jochen Bern
Systemingenieur
Binect GmbH
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4336 bytes
Desc: Kryptografische S/MIME-Signatur
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20260226/d192a315/attachment.p7s>
More information about the openssh-unix-dev
mailing list