chrooted sftp users?
Hello, We've got a bunch of users that use ftp to a big server. (think hosted websites) We want to upgrade those people to ssh, or better sftp. One feature of proftpd we are missing is to chroot each user in their own tree, so they can see only their file and cannot escape. How can we get this? Groetjes, Peter -- It's logic Jim, but not as we know it. | [EMAIL PROTECTED] God, root, what is difference? - Pitr| http://people.debian.org/~pvaneynd/ God is more forgiving. - Dave Aronson| http://users.belgacom.net/bn110523/ pgpjY87sN5O1n.pgp Description: PGP signature
Re: chrooted sftp users?
On Fri, 30 Aug 2002, Peter Van Eynde wrote: We've got a bunch of users that use ftp to a big server. (think hosted websites) We want to upgrade those people to ssh, or better sftp. One feature of proftpd we are missing is to chroot each user in their own tree, so they can see only their file and cannot escape. How can we get this? Variation 1: ALL USERS will be chrooted: You put DefaultRoot ~ in your proftpd.conf Variation 2: You make an anonymous session for your users, so users can be separated wether she wants to be chrooted or not. Anonymous ~username User username Group groupname Anonrequirepassword yes /Anonymous Hope it helped... ByeZ, Was -- SZALAY Attila / mrwas at cdata.hu / (20) 944 13 72 Not having an updated virus protection on a Windoze box today, is like trying to cure human flue by eating popcorn.
Re: chrooted sftp users?
On Fri, 30 Aug 2002, SZALAY Attila wrote: Variation 1: ALL USERS will be chrooted: You put DefaultRoot ~ in your proftpd.conf Variation 2: You make an anonymous session for your users, so users can be separated wether she wants to be chrooted or not. Anonymous ~username User username Group groupname Anonrequirepassword yes /Anonymous Hope it helped... I guess question wasnt about that... If you want chrooted sftp take a look at pam_chroot and http://sublimation.org/scponly JA
Re: chrooted sftp users?
On Fri, 2002-08-30 at 14:32, Peter Van Eynde wrote: We want to upgrade those people to ssh, or better sftp. One feature of proftpd we are missing is to chroot each user in their own tree, so they can see only their file and cannot escape. How can we get this? It used to work, but since priv-sep was included in openssh the regular chrooting code doesn't work anymore for non-root users. You could (if you dare) run openssh 3.1 and add the chroot patch to it. Then you can chroot sftp users. -- Mark Janssen -- maniac(at)maniac.nl -- GnuPG Key Id: 357D2178 Unix / Linux, Open-Source and Internet Consultant @ SyConOS IT Maniac.nl Unix-God.Net|Org MarkJanssen.org|nl SyConOS.com|nl