Hello,

i need to create a user who's access is restricted only to his home directory and below,

i restricted his pty access by adding 'no-pty' to the options of the ssh key in authorized_keys file. However, sftp access still allows this user access to all my file system

thanks

Then look at the groups he belongs to and determine what permissions each of your directories should have.

You could look at using chroot to restrict the permissions.
Basically it makes that shell think its "/" is its home, and so it cannot move to a directory above.
If you google for chroot ftpd, you should find an example of the general process.

my user belongs to nogroup

googled my way through...

scponly looks like it could work, but setuiding the original binaries makes me uneasy (maybe because i don't know enough about what could happen). Main Page - Scponly wiki

rssh has been used widely but isn't updated often. rssh - restricted shell for scp/sftp

Or else i can create a shell to use the sftp binary and support chroot: HOWTO: chroot SFTP (only)

so, 1) with S10 do i really need to build my own sftp/ scponly shell?
2) if i do need to create my own solution, which of the above 3 do you suggest?

thanks

i used the chroot sftp. very easy to setup and works as it should. I edited /etc/ssh/sshd_config to use the newly created sftp binary rather than the default Solaris one.

I do recommend to use ssh options such as no-pty to restrict user's ssh access, rather than the ones suggested by the page

Hi ,

Can you please tell me how do you setup sftp..

Regards

Pradeep Rajput