[scponly] Limiting to home directory without chroot?

scponly-7264 at tagged.lorens.org scponly-7264 at tagged.lorens.org
Fri Sep 30 10:38:11 EDT 2005


I want to set up secure communications for an existing FTP
server. I thought I'd use scponly. The only way to limit a user
to his home directory seems to be by chrooting the user. Is this
correct? Why?

I don't feel like setting up chroot environments for some 10000
users, and the "set up a single chroot and hang all users off
it" won't work for me (home dirs have to be accessible by
others, but not coming through ftp/sftp/scp).

Assuming the scponly server does not have severe
vulnerabilities, isn't it simply a matter of forbidding cd to
directories above the home directory?  Am I wrong in thinking
that this is easy, or in thinking that it is not done?

If not possible with scponly, are there other programs that can
provide a simple standard access over a secured channel to a
directory tree?  I seem to remember an ssl/tls extension to ftp
that was not the same thing as sftp.

Thanks!



More information about the scponly mailing list