[TriLUG] sftp without shell access?

Scott Lundgren trilug at capitalfellow.com
Wed Dec 7 11:05:10 EST 2005


>
> One option is to set the shell to be the sftp-server (don't forget to 
> add it to /etc/shells).  The only problem with that is it doesn't 
> chroot them.  So they could still wander around the file system with 
> sftp client.  You can find various patches to implement the chroot if 
> you google for "sftp chroot."  One of them is here:

Matt,

have you used this tool? The being able to wander around the filesystem 
concerns me. Would this wandering only be confined to where their 
permissions allowed read access?

thanks,
Scott




More information about the TriLUG mailing list