> If you run ssh-chrootmgr, it will set up the environment for you
> so you don't have to deal with this manually.
>
> # ssh-chrootmgr username
>
> This should do the trick :)
In few cases (most notably on Linux)...
> Remember, it sets up a chrooted environment for
> sftp only.
Why can't you move the call to chroot(2) to sftp-server instead?
Comments in ssh-chrootmgr say "copy static binaries to ~/bin." Some
modern OSes (Solaris, IRIX to mention a couple) provide very limited
support (if any) for static linking (e.g. under Solaris you can't get
rid of reference to run-time linker ld.so or at least there is no
documented way as they do provide pure statically linked applications in
/usr/sbin/static). In such cases you end up copying the shared objects
those binaries refer to at run-time (in Solaris case meaning that it
depends on current CPU architecture and locale). In addition on Solaris
you would also have to create /dev/zero which by the way wouldn't work
if the home directory is mounted with nosuid flag. So why not move
chroot(2) to sftp-server? At least it shall work on *any* platform and
no questions will ever be asked (fingers crossed:-)...
Andy.
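
The approach proposed in the message above, calling chroot(2) from inside the server process itself, as an added example that is not part of the original message and is not OpenSSH code. `enter_jail()`, the jail path and uid/gid 1000 are assumptions for illustration; because the process is already loaded and linked when it confines itself, the jail directory needs no binaries, shared objects or /dev/zero.

```c
/* Added example, not OpenSSH code: confine an already-running server. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE          /* exposes chroot(2) and setgroups(2) on glibc */
#endif
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * enter_jail() is a hypothetical helper. Call it once the process has been
 * exec'd and dynamically linked, before it handles any client request.
 * Returns 0 on success, -1 on failure with errno set.
 */
int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    if (dir == NULL || uid == 0 || gid == 0) {  /* never "drop" to root */
        errno = EINVAL;
        return -1;
    }
    if (chroot(dir) != 0)        /* needs root, so it must come first */
        return -1;
    if (chdir("/") != 0)         /* leave no working directory outside the jail */
        return -1;
    /* Drop privileges: supplementary groups, then gid, then uid. */
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Confirm the drop is permanent; a process that is still root can leave a chroot. */
    if (setuid(0) == 0) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    /* Constructed sample values: jail path from argv, uid/gid 1000. */
    const char *dir = argc > 1 ? argv[1] : "/home/sftpuser";
    if (enter_jail(dir, 1000, 1000) != 0) {
        perror("enter_jail");
        return 1;
    }
    puts("confined");            /* a real server would start serving here */
    return 0;
}
```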