From owner-freebsd-questions@FreeBSD.ORG Sat Dec 27 10:50:53 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id ECF1016A4CE for ; Sat, 27 Dec 2003 10:50:53 -0800 (PST) Received: from sparky.webaries.com (sparky.webaries.com [209.128.231.138]) by mx1.FreeBSD.org (Postfix) with ESMTP id DD1E443D46 for ; Sat, 27 Dec 2003 10:50:50 -0800 (PST) (envelope-from matt@atopia.net) Received: from mail.webaries.com (sizzle.webaries.com [209.128.231.139]) by sparky.webaries.com (Postfix) with SMTP id 8569B356 for ; Sat, 27 Dec 2003 13:50:50 -0500 (EST) Received: from 24.225.162.3 (SquirrelMail authenticated user matt) by mail.webaries.com with HTTP; Sat, 27 Dec 2003 13:50:50 -0500 (EST) Message-ID: <2562.24.225.162.3.1072551050.squirrel@mail.webaries.com> In-Reply-To: <44wu8iqndi.fsf@be-well.ilk.org> References: <1072289310.4549.1.camel@prick> <44wu8iqndi.fsf@be-well.ilk.org> Date: Sat, 27 Dec 2003 13:50:50 -0500 (EST) From: "Matt Juszczak" To: freebsd-questions@freebsd.org User-Agent: SquirrelMail/1.4.2 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 Importance: Normal Subject: Re: SFTP Access Restrictions X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 27 Dec 2003 18:50:54 -0000 > Matthew Juszczak writes: > >> I was wondering if there is a way to setup permissions through SFTP that >> are "higher" than the actual account's permissions. Sort of the like >> the features available with ftp through /etc/ftpchroot. Right now I >> have about 10 users who's shell is set to sftp-server, so the only thing >> they can do is sftp in. > > Please be just a bit more precise. What do you want your setup to do > that its current arrangement isn't doing? > I would like users who use sftp to be restricted to their home directory only. Is there a way to do this without setting up a "jail" of sorts? In regular ftp, I know the file /etc/ftpchroot allows access control (as well as in the actual ftp config file, for instance proftpd allows you to set options to restrict users to their home directory only). Thanks! -Matt