dear list. I want to provide my users with sftp (via ssh2) remote access to their files, without allowing them to browse through the filesystem on that server. I already know how to disable shell access. (set shell to /usr/lib/shh/sftp-server for normal users works perfectly) Is there a way, using posix acl I guess, to DENY access to all directories, except a few? So, maybe create a group (mortal_users..?) and put a deny acl to all directories, except /home. Would this work? Would this be a good approach? And what would the setfacl command be do DENY access for a certain group? (all examples only talk about granting certain permissions for certain groups) Thanks very much for any clues and help. Mourik Jan --- email: echo ude.unu.hcetni@knipueh | rev