I've used sftp-server as the shell for users, but I have not implemented
the chroot. And yes, the wandering around is limited to places where
they have proper permissions, but by default that's going to include
places like /etc. So if the goal is *just* to limit full shell access
and you basically trust the users, the sftp-server shell will work. If
you're really interested in fully locking things down, however, chroot
is probably worth the trouble.
-Matt
Scott Lundgren wrote:
One option is to set the shell to be the sftp-server (don't forget to
add it to /etc/shells). The only problem with that is it doesn't
chroot them. So they could still wander around the file system with
an sftp client. You can find various patches to implement the chroot if
you google for "sftp chroot." One of them is here:
Matt,
have you used this tool? Being able to wander around the filesystem
concerns me. Would this wandering only be confined to where their
permissions allowed read access?
thanks,
Scott
--
TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
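
An added example, not part of the original thread: a small audit that models what an sftp-server-shell account can read when no chroot is in place, using the classic owner/group/other check along each path component. The passwd lines, the sftp-server path and the file table are constructed sample data, and supplementary groups and ACLs are ignored.

```python
import stat

# Constructed sample data (assumption, not from the thread): two passwd lines
# and a table of path -> (owner uid, group gid, mode) like a stock system.
PASSWD = """\
alice:x:1001:1001::/home/alice:/usr/libexec/openssh/sftp-server
bob:x:1002:1002::/home/bob:/bin/bash
"""
FS = {
    "/": (0, 0, 0o040755),
    "/etc": (0, 0, 0o040755),
    "/etc/passwd": (0, 0, 0o100644),
    "/etc/shadow": (0, 0, 0o100600),
    "/home": (0, 0, 0o040755),
    "/home/bob": (1002, 1002, 0o040700),
    "/home/bob/notes.txt": (1002, 1002, 0o100644),
}

def sftp_only_users(passwd_text):
    """Return {name: (uid, gid)} for accounts whose login shell is sftp-server."""
    users = {}
    for line in passwd_text.splitlines():
        name, _, uid, gid, _, _, shell = line.split(":")
        if shell.rsplit("/", 1)[-1] == "sftp-server":
            users[name] = (int(uid), int(gid))
    return users

def allowed(uid, gid, entry, want):
    # Owner, then group, then other; `want` is stat.S_IROTH or stat.S_IXOTH.
    owner, group, mode = entry
    shift = 6 if uid == owner else 3 if gid == group else 0
    return bool(mode & (want << shift))

def can_read(uid, gid, path, fs=FS):
    """True if every parent directory is searchable and the target is readable."""
    cur = "/"
    for part in path.strip("/").split("/"):
        if not allowed(uid, gid, fs[cur], stat.S_IXOTH):
            return False
        cur = cur.rstrip("/") + "/" + part
    return allowed(uid, gid, fs[cur], stat.S_IROTH)

def exposure(passwd_text=PASSWD, fs=FS):
    """Map each sftp-only user to the regular files readable without a chroot."""
    return {name: sorted(p for p, e in fs.items()
                         if stat.S_ISREG(e[2]) and can_read(u, g, p, fs))
            for name, (u, g) in sftp_only_users(passwd_text).items()}

if __name__ == "__main__":
    print(exposure())
```

On the sample data the sftp-only account can read /etc/passwd but not /etc/shadow or another user's 0700 home, which matches the behaviour described in the thread.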