Date: Sun, 9 Aug 2009 16:29:43 +0200
From: Stefan Miklosovic <miklosovic.freebsd@gmail.com>
To: freebsd-questions@freebsd.org
Subject: sftp + chrooting users
Message-ID: <f99a79ec0908090729x54eaa769mfa4b9008bc0421e6@mail.gmail.com>

Hi all,

I am about chrooting ftp users into their home
directories. I have the following at the end of /etc/ssh/sshd_config:

Subsystem sftp internal-sftp
Match group ftp
    ChrootDirectory /home
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp

Now, the problem I am facing:
if I connect like user@hostname (user is in ftp group)
and do "ls", it shows all content of /home dir which
is not wanted. I want to chroot user to /home/user.
But, as in the manual, if you are going to do that, the chrooted dir must be owned
by root and not writable by anyone.
This is impossible to do then.
In sshd_config(5), there is ChrootDirectory keyword, and
there are %u (user name) and %h (home dir) which would work,
but they do not.
Using ChrootDirectory /home/%u does not work (because of a privileges
issue).
It is also an option to chmod 700 the home dirs, but is there some other
way?
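
The ownership rule the message runs into can be checked per path component before sshd rejects a login. The following is an added example, not part of the original message and not OpenSSH's own code: it expands the %u and %h tokens and applies the sshd_config(5) rule that every component of the ChrootDirectory path is a root-owned directory not writable by group or others. The function names and the account "alice" are assumptions made for illustration.

```python
import os
import re
import stat

def expand_chroot(template, user, home):
    """Expand the %u, %h and %% tokens of a ChrootDirectory value."""
    tokens = {"%u": user, "%h": home, "%%": "%"}
    return re.sub(r"%[uh%]", lambda m: tokens[m.group(0)], template)

def component_problems(mode, uid, owner_uid=0):
    """Apply the ownership/mode rule to one path component's stat data."""
    problems = []
    if not stat.S_ISDIR(mode):
        problems.append("not a directory")
    if uid != owner_uid:
        problems.append(f"owned by uid {uid}, not {owner_uid}")
    if mode & stat.S_IWGRP:
        problems.append("group-writable")
    if mode & stat.S_IWOTH:
        problems.append("world-writable")
    return problems

def check_chroot_path(path, owner_uid=0):
    """Return {component: [problems]} for each failing component, root first."""
    path = os.path.abspath(path)
    components = []
    while True:
        components.append(path)
        parent = os.path.dirname(path)
        if parent == path:  # reached the filesystem root
            break
        path = parent
    failures = {}
    for comp in reversed(components):
        try:
            st = os.stat(comp)
        except OSError as exc:
            failures[comp] = [exc.strerror]
            continue
        problems = component_problems(st.st_mode, st.st_uid, owner_uid)
        if problems:
            failures[comp] = problems
    return failures

if __name__ == "__main__":
    # Constructed account: user "alice" with home /home/alice.
    target = expand_chroot("/home/%u", "alice", "/home/alice")
    for comp, problems in check_chroot_path(target).items():
        print(f"{comp}: {', '.join(problems)}")
```

A home directory owned by the user is reported on its last component, which is the privileges issue described above; a layout that passes keeps the chroot directory itself root-owned and gives the user a writable subdirectory inside it.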
