chroot jail for sftp on non-server 10.6.8

Bill.the.Cat

macrumors member
Original poster
Feb 13, 2011
89
0
I'm trying to set up a machine running non-server Snow Leopard to allow SFTP access for a couple of users. I'd like to restrict them to specific directories on a secondary storage drive. The best set of instructions for doing this I've found are here at macresearch.org

They're a couple of years old and apparently have the unfortunate side effect of disabling the ability to mount afp volumes.

Is anyone aware of a better method?

Thanks!
 

r0k

macrumors 68040
Mar 3, 2008
3,612
73
Detroit
I read through the directions and they talk about restricting the users to directories on the boot drive, not a secondary drive. Why don't you simply create your chroot jail on the boot drive?
 

Bill.the.Cat

Boot drive is too small (80GB nominal) for all of the files. Maybe creating symbolic links to the secondary drive in users' home directories will work?

If anyone is curious, I'm setting up a centralized backup location for about 10 colleagues to use with GoodSync. We have an old machine with an 80GB boot drive and an external 2TB. Our (university) IT doesn't provide any sort of backup of our machines so we decided to roll our own. For now we are doing it locally using afp for Mac users and smb for Windows users. At some point it would be nice to let people also sync/backup from home and to do that we will need to use SFTP. The standard SSH setup for OS X gives all users access to the entire file structure upon SFTP login.
 

r0k

Boot drive is too small (80GB nominal) for all of the files. Maybe creating symbolic links to the secondary drive in users' home directories will work?
I seem to remember that chroot jails and sym links don't play well together, but it's certainly worth a try. Your user would be chrooted to a jail on the boot drive which itself turns out to be a sym link to the folder you want them to use on another drive.


No. Wait. The way they will get there after following the sym link is in /Volumes/other_drive. This means they now have access to everything on your system. Another possibility might be to disable OS X ftpd and use a third party ftpd that comes with its own user list and its own chroot jail.
 
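Added example, not part of any post in this thread: OpenSSH's sshd_config has a ChrootDirectory option, and sshd refuses the login unless every component of that path is a root-owned directory that is not writable by group or others. The Python check below walks a candidate jail path against that rule; the volume name, user directory and sample permissions are constructed assumptions.

```python
import os
import stat
from collections import namedtuple
# Intended for an sshd_config entry such as (hypothetical path):
#     ChrootDirectory /Volumes/Backup/jail
FakeStat = namedtuple("FakeStat", "st_uid st_mode")  # stand-in for os.stat_result

def path_components(path):
    """'/a/b' -> ['/', '/a', '/a/b']: every directory on the way to the jail."""
    out = ["/"]
    for part in (p for p in path.split("/") if p):
        out.append(out[-1].rstrip("/") + "/" + part)
    return out

def check_chroot_path(path, stat_fn=os.stat):
    """Return (component, problem) pairs that break the ChrootDirectory rule."""
    if not path.startswith("/"):
        return [(path, "not an absolute path")]
    problems = []
    for comp in path_components(path):
        try:
            st = stat_fn(comp)  # os.stat follows symlinks
        except OSError as exc:
            problems.append((comp, "cannot stat: %s" % exc.strerror))
            break
        if not stat.S_ISDIR(st.st_mode):
            problems.append((comp, "not a directory"))
        if st.st_uid != 0:
            problems.append((comp, "owner uid %d, must be 0 (root)" % st.st_uid))
        if st.st_mode & 0o022:
            problems.append((comp, "group/other writable (mode %o)" % stat.S_IMODE(st.st_mode)))
    return problems

# Constructed sample layout, not taken from a real machine.
SAMPLE = {
    "/": FakeStat(0, stat.S_IFDIR | 0o755),
    "/Volumes": FakeStat(0, stat.S_IFDIR | 0o755),
    "/Volumes/Backup": FakeStat(0, stat.S_IFDIR | 0o775),               # group-writable
    "/Volumes/Backup/jail": FakeStat(0, stat.S_IFDIR | 0o755),
    "/Volumes/Backup/jail/alice": FakeStat(501, stat.S_IFDIR | 0o755),  # user-owned
}

def sample_stat(path):
    if path not in SAMPLE:
        raise FileNotFoundError(2, "No such file or directory", path)
    return SAMPLE[path]

if __name__ == "__main__":
    print(check_chroot_path("/Volumes/Backup/jail/alice", sample_stat))
```

Called with the default `stat_fn`, `check_chroot_path` inspects the real filesystem, so it can be run against the actual directory before sshd is reconfigured.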

Bill.the.Cat

Another possibility might be to disable OS X ftpd and use a third party ftpd that comes with its own user list and its own chroot jail.
Ah, that's an excellent idea, thanks very much. Any suggestions for something cheap/free? A quick search found lots of praise for Rumpus, but at $200+ for a license (even including edu discount) it's a little too pricey; we have enough money for a dozen or so GoodSync licenses but nothing left over. We'd likely only have a couple of clients connected at any given time, with most people syncing from their on-campus machines (and thus using afp or smb).

Again thanks for the good ideas!
 

nDarkness

macrumors newbie
Jan 10, 2012
29
0
Macports may have an open source solution to suit your needs. It's worth a quick search.
