From: Stefan Miklosovic
To: freebsd-questions@freebsd.org
Date: Sun, 9 Aug 2009 16:29:43 +0200
Subject: sftp + chrooting users

hi all,

I am about to chroot ftp users into their home directories.

I have the following at the end of /etc/ssh/sshd_config:

    Subsystem sftp internal-sftp

    Match group ftp
        ChrootDirectory /home
        X11Forwarding no
        AllowTcpForwarding no
        ForceCommand internal-sftp

Now, the problem I am facing: if I connect as user@hostname (user is in the ftp group) and do "ls", it shows all the contents of the /home dir, which is not wanted. I want to chroot the user to /home/user. But, as in the manual, if you are going to do that, the chrooted dir must be owned by root and not writable by anyone. This is impossible to do then.

In sshd_config(5), there is the ChrootDirectory keyword, and there are %u (user name) and %h (home dir) which would work, but they do not. Using ChrootDirectory /home/%u does not work (because of a privileges issue).

It is also an option to chmod 700 the home dirs, but is there some other way?
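
Added example, not part of the original message: a small Python check for the ownership rule the message quotes from the manual, applied to every component of the expanded ChrootDirectory path as sshd_config(5) requires. The function names, the owner_uid parameter and the default user "alice" are assumptions made for illustration.

```python
import os
import stat
import sys


def expand_chroot(template, user, home):
    """Expand the %u, %h and %% tokens of a ChrootDirectory value."""
    marker = "\0"  # placeholder so an escaped %% is not re-expanded
    value = template.replace("%%", marker)
    value = value.replace("%u", user).replace("%h", home)
    return value.replace(marker, "%")


def audit_chroot(path, owner_uid=0):
    """Return (component, reason) for every path component that breaks the rule.

    owner_uid defaults to root (0); it is a parameter only so the check can be
    exercised on a scratch tree without root privileges.
    """
    problems = []
    current = os.sep
    for name in [""] + [p for p in os.path.abspath(path).split(os.sep) if p]:
        current = os.path.join(current, name) if name else current
        try:
            st = os.stat(current)
        except OSError as exc:
            problems.append((current, "cannot stat: " + str(exc.strerror)))
            break
        if not stat.S_ISDIR(st.st_mode):
            problems.append((current, "not a directory"))
            break
        if st.st_uid != owner_uid:
            problems.append((current, "owned by uid %d, expected %d" % (st.st_uid, owner_uid)))
        if st.st_mode & 0o022:  # group-write or other-write bit set
            problems.append((current, "group- or world-writable"))
    return problems


if __name__ == "__main__":
    # Constructed defaults: user "alice" with home /home/alice.
    user = sys.argv[1] if len(sys.argv) > 1 else "alice"
    template = sys.argv[2] if len(sys.argv) > 2 else "/home/%u"
    target = expand_chroot(template, user, "/home/" + user)
    findings = audit_chroot(target)
    for component, reason in findings:
        print("%s: %s" % (component, reason))
    print("%s: %s" % (target, "passes the ownership/mode check" if not findings else "rejected"))
```

Run against a home directory that the user owns, it reports that component as not owned by uid 0, which is the "privileges issue" described for ChrootDirectory /home/%u.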