| General Security Discussions Discuss anything that is security related here. |
|
#1
sftp - jailed & nologin?
So I searched a little and am not really coming up with what I am looking for, so I'm posting it here to ask. It's also almost 4am, so I'm not about to search IRC servers for an answer; I'm gonna head to bed.

Using OpenSSH as the sftp, I want to create a jailed nologin user to upload/download without browsing files or exe privs.

Example of how I would do this in vsftp:

useradd --home /jailed/dir --shell /usr/sbin/nologin UserAccountName

* This user is not allowed to login to a shell
* nologin was added into /etc/shells

vsftpd.userlist would contain the above created user name, to be allowed to use only the ftp and jailed to its dir.

Has anyone done such a task for sftp?
__________________ "...a computer is a stupid machine with the ability to do incredibly smart things, while computer programmers are smart people with the ability to do incredibly stupid things. They are, in short, a perfect match". |
#2
Re: sftp - jailed & nologin?
I might only know it if it was the normal sftp and not vsftpd. I guess Xires might be able to help you or eventually me when I try it out sometime soon :-)
#3
Re: sftp - jailed & nologin?
I think what you're looking for is scponly. rssh is also available but in my experience it's not as clean or quite as good. scponly is about as simple as it gets; just install it and set it as the user's shell. That's all there is to it. You don't need to modify your SSHd configuration or anything. Do keep in mind, however, that it can make it somewhat annoying to 'su' to since the 'su' command launches the user's shell as defined in /etc/passwd. Thus, just specify the shell when you wish to su to that user (e.g. su -s ${SHELL} someacct).
__________________ -Xires Last edited by Xires; 20th January 2010 at 17:22. Reason: fix rssh URL |
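An added example (not part of the post above and not scponly's own code): a shell audit that reads passwd-format data and reports which accounts carry a transfer-only shell, since the restriction lives entirely in the shell field of /etc/passwd. The account names, the /usr/bin/scponly path and the sample files are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit passwd(5)-format data for file-transfer accounts.
# Assumption: restricted shells are recognised by basename (scponly, rssh);
# install paths differ between distributions.

# Print the login shell (7th passwd field) for a user; fail if user is absent.
login_shell() {  # usage: login_shell PASSWD_FILE USER
    awk -F: -v u="$2" '$1 == u { print $7; found = 1 } END { exit !found }' "$1"
}

# Classify an account: transfer-only | no-login | interactive | missing
classify_account() {  # usage: classify_account PASSWD_FILE USER
    shell=$(login_shell "$1" "$2") || { echo missing; return; }
    case "${shell##*/}" in
        scponly|rssh)  echo transfer-only ;;
        nologin|false) echo no-login ;;
        *)             echo interactive ;;  # an empty field also lands here
    esac
}

# Succeed only if the account's shell is listed in a shells(5)-format file.
shell_is_listed() {  # usage: shell_is_listed PASSWD_FILE SHELLS_FILE USER
    shell=$(login_shell "$1" "$3") || return 1
    [ -n "$shell" ] || return 1
    grep -v '^#' "$2" | grep -qxF -- "$shell"
}

# Constructed sample data (not taken from the thread).
make_samples() {
    SAMPLE_DIR=$(mktemp -d)
    cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
upload1:x:1001:1001::/jailed/dir:/usr/bin/scponly
upload2:x:1002:1002::/jailed/dir2:/usr/sbin/nologin
upload3:x:1003:1003::/jailed/dir3:/bin/bash
EOF
    printf '%s\n' '# sample /etc/shells' /bin/sh /bin/bash /usr/sbin/nologin \
        > "$SAMPLE_DIR/shells"
}

make_samples
for u in upload1 upload2 upload3 nosuch; do
    printf '%-8s %s\n' "$u" "$(classify_account "$SAMPLE_DIR/passwd" "$u")"
done
```

Pointing the functions at the real /etc/passwd and /etc/shells shows any upload account that still has an interactive shell.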
#4
Re: sftp - jailed & nologin?
Ya Xires, you told me about it in IRC, but it's also a good thing to have posted here for others to know as well.
#5
Re: sftp - jailed & nologin?
Thanks Xires, I didn't know there was a scponly shell :-) Very much useful, +rep!