RE: [suse-security] limiting sftp users to specific dir
One way would be to use the commercially available SSH server. For more information, see:
http://www.derkeiler.com/Mailing-Lists/securityfocus/focus-linux/2001-11/0001.html

If you want to use the openssh server, you'll need to patch it. For more information, see:
http://chrootssh.sourceforge.net/index.php

Mike Patton
USASMDC - Simulation Center
Systems Analyst
Madison Research Corporation (MRC)
Phone: (256) 955-3706
Email: mike.patton@sc.army.mil

This email capability is supported by Department of Defense systems and is subject to monitoring. Please refrain from using this address for non-Government purposes.

-----Original Message-----
From: Hugo [mailto:hg.list@gmail.com]
Sent: Thursday, October 21, 2004 10:09 AM
To: suse-security
Subject: [suse-security] limiting sftp users to specific dir

Hello!

I finally changed my servers from Windows to Linux (SuSE 9.1). In Windows I used to have F-Secure SSH-server (student licence) and I had set it up so that I could access via SFTP all the system (I also had SSH access), but others only their own directory. And what more, the SFTP directories were defined as d:\sftp\%username%. Very clean system with no problems for the users.

Bear with me as I probably do not know how to ask this in a simple way and I do not know the right terms... I'll try to explain what I would like to do (almost the same as in Windows):

With SuSE I had SSH server up and running very fast. So now I have different types of users:

1) Me: local user, remote with SSH and X + SCP/SFTP (unlimited)
2) Family: local users, remote with SFTP limited to users' home dir (or some empty dir under it)
3) Remote family: only remote SFTP limited to some empty dir somewhere (not necessarily under home dir)

The current situation with SuSE defaults is that if I create a user and use WinSCP to access the server with that user, they can see just about every file there including other users' home dirs. Not good. (I thought by default Linux was more secure...) Also, just the complexity of all the stuff that is in the users' home dir would confuse many users. They just need to see one empty dir where to transfer files from and to. For those that log in locally, this dir should be under the home dir, like Documents. And the 3rd type of users should only have access to one dir that is completely empty except for their own files.

First question: Can this be done? (Please don't tell me I have to go back to windows server... )
Second: how?

Sorry for not being more exact in defining the problem. Hopefully you got the idea. I'm not new to computers and I'm quite happy to edit config files... except that this time I didn't find what to edit (sshd_conf doesn't seem to have options for limiting users like this).

--
HG

--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@suse.com
Security-related bug reports go to security@suse.de, not here
Hi!

On Thu, 21 Oct 2004 10:23:31 -0500, James M. Patton - Contractor <mpatton@sc.army.mil> wrote:

> One way would be to use the commercially available SSH server. For more information, see:
> http://www.derkeiler.com/Mailing-Lists/securityfocus/focus-linux/2001-11/0001.html
Ah, this is exactly what I'm looking for - except that it's not free... even though they sound like it could just be downloaded from SSH.com... And this really can not be done with the OpenSSH that comes with SuSE 9.1? Another thing that bothers is that the shell needs to be set to something else... how would this affect the users that also login from the console (they should not be chrooted then, only when accessing the computer with SFTP)?
> If you want to use the openssh server, you'll need to patch it. For more information, see:
> http://chrootssh.sourceforge.net/index.php
Quite complicated process, but I think I can follow that... except that it's not really what I want either. First of all, the user would have lots of strange dirs and files in their new home dir. It also has the same problem that the shell needs to be changed, so what happens when they login locally?

--
HG
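For the record, as an added example that is not from either poster: OpenSSH 4.9 and later implement exactly this natively in sshd_config, with no patch, no binaries copied into the jail and no change to the login shell, so console logins are unaffected. The group name sftponly and the path /srv/sftp are assumptions chosen to mirror the d:\sftp\%username% layout from the question.

```conf
# /etc/ssh/sshd_config (added example; needs OpenSSH >= 4.9 for
# ChrootDirectory + internal-sftp, which the 3.8p1 in SuSE 9.1 lacks).
# Only members of the assumed group "sftponly" are affected; the admin
# account (user type 1) keeps its full shell, X forwarding and SCP/SFTP.

Subsystem sftp internal-sftp

Match Group sftponly
    # Confine the SFTP session to /srv/sftp/<username>.
    ChrootDirectory /srv/sftp/%u
    # Run the built-in SFTP server instead of the user's login shell, so
    # /etc/passwd stays untouched and local console logins keep working;
    # an interactive ssh login by this group gets SFTP only.
    ForceCommand internal-sftp
    # Nothing an SFTP-only account should be able to do:
    AllowTcpForwarding no
    X11Forwarding no
    PermitTunnel no

# Directory layout (create as root; sshd refuses the chroot otherwise):
#   /srv/sftp/<user>          root:root, mode 0755   (not user-writable)
#   /srv/sftp/<user>/upload   <user>:sftponly, 0700  (the user's files)
# Every path component of the ChrootDirectory must be root-owned and not
# group- or world-writable, hence the writable subdirectory inside it.
```

Chrooting into the home directory itself (ChrootDirectory %h) also works, but then the home directory has to be root-owned and not writable by the user, which is awkward for accounts that also log in at the console. A separate root-owned jail with a writable subdirectory avoids that.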