Server: Red Hat Enterprise Linux Server release 6.5 (Santiago)
Using openssh-server to allow sftp connections.
I'm trying to limit users to their own personal home directory.
So I modified /etc/passwd, setting user "john" to use /bin/rbash instead of /bin/bash:
john:502:503::/home/john:/bin/rbash
If I do that, john cannot connect via sftp: the connection closes as soon as he logs in (sftp message is "Connection closed").
If I set the bash to /bin/bash instead, his connection works fine, but then john can travel all over the server file system using cd.
Can you explain what I am doing wrong in order to limit users connecting via sftp to their own directory?
Best Answer
rbash won't let you run commands with a leading /; if that's being attempted then it will simply exit. Unless you're using the internal sftp-server, an attempt to exec /usr/libexec/sftp-server will fail. Using Subsystem sftp internal-sftp in the sshd_config will fix that.

However, using rbash won't stop sftp from wandering around your filesystem; you probably want to chroot the users instead.
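
An sshd_config fragment combining the two points of the answer above (in-process sftp plus a chroot), added here as an example and not part of the original answer. The group name sftponly is an assumption; the directives are standard OpenSSH ones.

```conf
# /etc/ssh/sshd_config (fragment, added example)

# Replace the external helper, which a restricted shell refuses to exec
# because of the leading "/":
#Subsystem sftp /usr/libexec/sftp-server
# internal-sftp runs inside sshd itself, so the login shell is never
# asked to start a binary.
Subsystem sftp internal-sftp

# Apply the jail to members of one group only.
# "sftponly" is a hypothetical group name; create it and add john to it,
# or use "Match User john" instead.
Match Group sftponly
    # %h expands to the user's home directory (/home/john for john).
    # sshd refuses the login unless every component of this path is
    # owned by root and not writable by group or others, so the home
    # directory itself must be root-owned (mode 755) and uploads go
    # into a subdirectory owned by the user.
    ChrootDirectory %h
    # Ignore whatever command the client requests and serve sftp only.
    ForceCommand internal-sftp
    # Close the other channels an account could use to reach beyond
    # the chroot.
    AllowTcpForwarding no
    X11Forwarding no
```

After editing, running sshd -t checks the file for syntax errors before the service is reloaded, and a "bad ownership or modes for chroot directory" entry in the auth log points at the ownership requirement noted in the comments.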