On Sat, Oct 15, 2005 at 04:32:52PM +0200, [EMAIL PROTECTED] wrote:
> Hi,
>
> I am currently working with one of our file servers. Users need access to the
> server from where they live and so far I have been using sshd with scponly.
>
> I have used scponly because I don't want them to have a shell.
>
> The problem with the setup is that not al the users may access all the files.
> So far it has been handled with chmod to the different directories but this
> solution isn't working well.
>
> I am then currently looking at two solutions.
>
> 1. Continue using scponly but with chroot and then linking the directories
> inside their home directories.
> 2. Using vsftpd which support ssl both on login and on the data transfer
> (prefered), and then using the buildin support for jailing users. Then
> linking the directories inside their home directories.
>
> I am unsure which solution is the best, and if there perhaps is another even
> better solution.
>
> Advice and experiences is needed :-)
>
> Best regards,
> Rico.
Mmm, nobody seems to have replied yet.
It might be worth some trial and error first. For one, symlinks can't
traverse the chroot jail (which is, rather obviously, a Good Thing
(tm)), and it seems you're thinking of having them do just that. Or I
might be mistaken...
That being said, FTP is well past the time it was designed for. OpenSSH
is very stable and featurefull. Just make sure it isn't *too* featureful
for what you're doing.
JOachim
