sftp + chrooting users

2009-08-09 Thread Stefan Miklosovic
hi all,

I am about to chroot ftp users into their home
directories. I have the following at the end of /etc/ssh/sshd_config:

Subsystem  sftp   internal-sftp

Match group ftp
 ChrootDirectory /home
 X11Forwarding no
 AllowTcpForwarding no
 ForceCommand internal-sftp

Now, the problem I am facing:
if I connect like u...@hostname (the user is in the ftp group)
and do ls, it shows all the content of the /home dir, which
is not wanted. I want to chroot the user to /home/user.

But, as the manual says, if you are going to do that, the chrooted dir must
be owned by root and not writable by anyone.

This is impossible to do then.

In sshd_config(5), there is the ChrootDirectory keyword, and
there are %u (user name) and %h (home dir) which would work,
but they do not.

Using ChrootDirectory /home/%u does not work (because of a privileges
issue).

It is also an option to chmod 700 the home dirs, but is there some other
way?
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: sftp + chrooting users

2009-08-09 Thread Christer Solskogen

On 8/9/09 4:29 PM, Stefan Miklosovic wrote:

> hi all,
>
> I am about to chroot ftp users into their home
> directories. I have the following at the end of /etc/ssh/sshd_config:
>
> Subsystem  sftp   internal-sftp
>
> Match group ftp
>   ChrootDirectory /home
>   X11Forwarding no
>   AllowTcpForwarding no
>   ForceCommand internal-sftp

I have this in my sshd_config:
Match Group sftponly
 ChrootDirectory /usr/home/%u
 X11Forwarding no
 AllowTcpForwarding no
 ForceCommand internal-sftp

But also note that the user (who is in the sftponly group) has / as
his home directory.


--
chs
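
The ownership rule from sshd_config(5) discussed in this thread applies to the ChrootDirectory path and every component above it, so a per-user chroot such as /usr/home/%u only works when each of those directories passes. The following is an added example, not code from either poster; the function name `check_chroot_path` and its optional uid and stop-directory arguments are hypothetical and exist so the check can be tried on a scratch tree.

```shell
#!/bin/sh
# Added example; check_chroot_path and its arguments are hypothetical names.
# usage: check_chroot_path DIR [OWNER_UID] [TOP]
#   OWNER_UID  uid every component must belong to (default 0, root)
#   TOP        where the upward walk stops (default /); only there so the
#              check can be tried on a scratch tree without being root
check_chroot_path() {
    p=$1
    want_uid=${2:-0}
    top=${3:-/}
    rc=0
    case $p in
        /*) ;;
        *) echo "not an absolute path: $p" >&2; return 2 ;;
    esac
    while :; do
        # -L follows symlinks the way stat(2) does (on many FreeBSD
        # installs /home is a symlink to /usr/home); -n prints numeric uid.
        read -r mode _links uid _rest <<EOF
$(ls -ldnL "$p" 2>/dev/null)
EOF
        case $mode in
            d????-??-*) ;;                      # directory, no g+w, no o+w
            d*) echo "FAIL $p: group/other writable ($mode)"; rc=1 ;;
            *)  echo "FAIL $p: missing or not a directory"; rc=1 ;;
        esac
        if [ -n "$uid" ] && [ "$uid" != "$want_uid" ]; then
            echo "FAIL $p: owned by uid $uid, expected $want_uid"; rc=1
        fi
        if [ "$p" = "$top" ] || [ "$p" = / ]; then
            break
        fi
        p=$(dirname "$p")
    done
    return $rc
}
```

With the defaults, `check_chroot_path /usr/home/someuser` (a constructed path) prints one FAIL line per offending component and returns non-zero if any component would make sshd refuse the chroot.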

