Koozali.org: home of the SME Server

SFTP server and ibays: how to lock remote users down?

MSmith
« on: April 05, 2005, 04:33:05 AM »
Scenario:  SME 6.01-01 with usershellaccess and rssh contribs ... working fine as an SFTP server.  LAN users want to be able to use ibays for various SFTP users rather than each SFTP user's home folder (easy to drag & drop files to & from).

Problem:  how to make sure the SFTP users can't go roaming all over the server, accidentally or otherwise.  It's simple enough to set up a symlink of, say, /FOO to /home/e-smith/files/ibays/FOO/files, but setting /FOO as the initial folder in WinSCP or FileZilla allows changing directories upward.  Is there a reasonably simple way to restrict SFTP/SCP users to certain folders, or to prevent the symlink from being resolved to the full pathname by the client software?

It wouldn't be important to restrict certain users to certain ibays, it'd just be enough to keep them from changing directories from what is specified to them.

Thanks for any help or insight.
...
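
Added example, not part of the original post: a symlink such as /FOO only changes where a name points, so any confinement check has to be made on the resolved path. The temporary directory tree (including the BAR ibay) and the `is_confined` helper are constructed for illustration; they are not part of SME Server, rssh or any contrib.

```python
import os
import tempfile


def build_sample_tree(base):
    """Constructed layout mirroring the post: <base>/FOO is a symlink to
    <base>/home/e-smith/files/ibays/FOO/files, plus a second ibay BAR."""
    ibays = os.path.join(base, "home", "e-smith", "files", "ibays")
    target = os.path.join(ibays, "FOO", "files")
    os.makedirs(target)
    os.makedirs(os.path.join(ibays, "BAR", "files"))
    link = os.path.join(base, "FOO")
    os.symlink(target, link)
    return link


def is_confined(root, requested):
    """True only if `requested`, with symlinks and '..' resolved,
    still lies inside the resolved `root`."""
    real_root = os.path.realpath(root)
    real_req = os.path.realpath(os.path.join(real_root, requested))
    return os.path.commonpath([real_root, real_req]) == real_root


def demo():
    with tempfile.TemporaryDirectory() as base:
        link = build_sample_tree(base)
        real_base = os.path.realpath(base)
        return {
            # The start directory is really the ibay path, not /FOO.
            "start_dir": os.path.relpath(os.path.realpath(link), real_base),
            "file_in_ibay": is_confined(link, "report.txt"),
            "parent": is_confined(link, ".."),
            "sibling_ibay": is_confined(link, "../../BAR/files"),
            "absolute": is_confined(link, "/etc/passwd"),
        }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Only a server-side boundary enforced on resolved paths keeps a user inside the ibay; the symlink itself restricts nothing.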

stephen noble
« Reply #1 on: April 05, 2005, 02:29:30 PM »
Restricting a user within an application, e.g. proftp, is much easier than restricting them within a filesystem.

I read it can be done, but it isn't trivial, and each user has to be set up separately.

stephen

hardijs
chkroot is the answer
« Reply #2 on: April 05, 2005, 02:46:28 PM »
The dungog.net ftp user root contrib is the one that does the "per user" limiting to some directory (or ibay).
It did work for me in 6.0.1 and now on 6.5 as well.

stephen noble
« Reply #3 on: April 05, 2005, 03:00:40 PM »
Yes, but that is only unsecure ftp.

msmith wants to use sftp, which uses ssh:
different port, different programs.

Maybe ftp over ssl is what we want.

http://www.unlimitedftp.ca/resources/ftp/sslclient.html
http://www.ford-hutchinson.com/~fh-1-pfh/ftps-ext.html

stephen

kruhm
« Reply #4 on: May 04, 2006, 07:44:00 AM »
Has anyone tried jailkit? http://dag.wieers.com/packages/jailkit/