[Techtalk] sharing files - ssh and ftp

Rasjid Wilcox rasjidw at openminddev.net
Sat May 3 17:50:13 EST 2003

On Saturday 03 May 2003 16:49, Mary wrote:
> On Sat, May 03, 2003, Rasjid Wilcox wrote:
> > How would this allow you to restrict a user to their home directory?
> > You could stop them using 'cd', but then the user could not navigate
> > around their own home directory structure.
> It wouldn't, you'd need to use a chroot jail I think. And the trouble
> with a jail is that you can't use anything much outside it at all, for
> example /usr/bin stuff - or the ssh binaries.
> However, it depends *why* you want to restrict them to their home dirs.
> If it's because "I don't want them executing commands, I don't want this
> to be a shell account, I just want them to be able to scp files they
> have permission to read to and fro" then using this command will limit
> the commands they can run to ssh alone, and standard permissions will
> bar them from files they aren't meant to read.

I have just had a quick play with this, and it seems to work well.

Suppose you want user 'someuser' to only have sftp access, but no ordinary 
shell access.  Then a simple

# chsh -s /usr/libexec/openssh/sftp-server someuser

seems to do the trick.

You can then use Filezilla on Windows or gFTP on Linux for a GUI SFTP client.  
With gFTP you need to check 'Use SSH2 SFTP subsys' under FTP - Options - SSH.

If the user does try and log in using a normal ssh client, they get logged 
straight into the sftp subsystem, and so they should be unable to run any 
normal shell commands.




Rasjid Wilcox
Canberra, Australia  UTC + 10

More information about the Techtalk mailing list