https://community.hpe.com/t5/operating-system-linux/rbash-is-great-but-sftp-doesn-t-work-with-it/m-p/3975241#M27679 Neither ftp or sftp actually USES the shell, so using rbash will probably not do what you want either way (though some ftp servers offer that level of restriction).<BR /><BR />In a web hosting environment I can see no legitimate reason for people to have real shell access, so scponly or rssh may do what you need with a lot less work than a full do-it-yourself chroot setup.<BR /><BR />Another option is to just use another mechanism altogether, such as webdav or PUT over HTTPS. But either one probably requires a lot more work on your side.<BR /> Wed, 04 Apr 2007 10:11:00 GMT Heironimus 2007-04-04T10:11:00Z https://community.hpe.com/t5/operating-system-linux/rbash-is-great-but-sftp-doesn-t-work-with-it/m-p/3975239#M27677 Hi,<BR /><BR />What a nightmare this is turning out to be. I'm amazed this is so difficult. We have a server hosting numerous virtual webservers and we need people to be able to upload information. I don't want them to use sftp for security reasons but clearly sftp does not work with rbash. I need rbash as I do not want them viewing other customers information. In otherwords I do not want them to be able to traverse directories. <BR /><BR />So what are my options. Its coming down to using standard ftp which is not ideal. Can anyone help. <BR /><BR />Adam Wed, 04 Apr 2007 09:14:19 GMT https://community.hpe.com/t5/operating-system-linux/rbash-is-great-but-sftp-doesn-t-work-with-it/m-p/3975239#M27677 Adam Noble 2007-04-04T09:14:19Z https://community.hpe.com/t5/operating-system-linux/rbash-is-great-but-sftp-doesn-t-work-with-it/m-p/3975240#M27678 Shalom,<BR /><BR />Use the shell, /bin/false or /sbin/nologin <BR /><BR />This blocks login completely from the command line.<BR /><BR />It is possible to acheive other results by chrooting sftp.<BR /><BR /><A href="http://www.linuxforums.org/forum/linux-security/3215-chroot-openssh.html" target="_blank">http://www.linuxforums.org/forum/linux-security/3215-chroot-openssh.html</A><BR /><BR /><A href="http://www.linuxforums.org/forum/linux-security/3215-chroot-openssh-2.html" target="_blank">http://www.linuxforums.org/forum/linux-security/3215-chroot-openssh-2.html</A><BR /><BR /><A href="http://archives.neohapsis.com/archives/sf/linux/2001-q4/0189.html" target="_blank">http://archives.neohapsis.com/archives/sf/linux/2001-q4/0189.html</A><BR /><BR />SEP Wed, 04 Apr 2007 09:45:31 GMT https://community.hpe.com/t5/operating-system-linux/rbash-is-great-but-sftp-doesn-t-work-with-it/m-p/3975240#M27678 Steven E. Protter 2007-04-04T09:45:31Z https://community.hpe.com/t5/operating-system-linux/rbash-is-great-but-sftp-doesn-t-work-with-it/m-p/3975241#M27679 Neither ftp or sftp actually USES the shell, so using rbash will probably not do what you want either way (though some ftp servers offer that level of restriction).<BR /><BR />In a web hosting environment I can see no legitimate reason for people to have real shell access, so scponly or rssh may do what you need with a lot less work than a full do-it-yourself chroot setup.<BR /><BR />Another option is to just use another mechanism altogether, such as webdav or PUT over HTTPS. But either one probably requires a lot more work on your side.<BR /> Wed, 04 Apr 2007 10:11:00 GMT https://community.hpe.com/t5/operating-system-linux/rbash-is-great-but-sftp-doesn-t-work-with-it/m-p/3975241#M27679 Heironimus 2007-04-04T10:11:00Z https://community.hpe.com/t5/operating-system-linux/rbash-is-great-but-sftp-doesn-t-work-with-it/m-p/3975242#M27680 just install vsftpd. in the conf file setup the chroot option to chroot users to their home directory. Also turn off the anonymouns logins. set the users shell to /sbin/nologin. then they can ftp and will be confined to their home directory. Also, they cannot login via ssh, etc. Wed, 04 Apr 2007 11:47:44 GMT https://community.hpe.com/t5/operating-system-linux/rbash-is-great-but-sftp-doesn-t-work-with-it/m-p/3975242#M27680 Court Campbell 2007-04-04T11:47:44Z https://community.hpe.com/t5/operating-system-linux/rbash-is-great-but-sftp-doesn-t-work-with-it/m-p/3975243#M27681 also if the connection needs to be secure you can setup vsftpd up with a certificate. Here is a nice howto:<BR /><BR /><A href="http://wiki.vpslink.com/index.php?title=Configuring_vsftpd_for_secure_connections_(TLS/SSL/SFTP)" target="_blank">http://wiki.vpslink.com/index.php?title=Configuring_vsftpd_for_secure_connections_(TLS/SSL/SFTP)</A><BR /><BR /> Wed, 04 Apr 2007 11:49:35 GMT https://community.hpe.com/t5/operating-system-linux/rbash-is-great-but-sftp-doesn-t-work-with-it/m-p/3975243#M27681 Court Campbell 2007-04-04T11:49:35Z