GNU Rush legacy configuration syntax (split by node):   Section:   Chapter:FastBack: Usage Tips   Up: Usage Tips   FastForward: Copying This Manual   Contents: Table of ContentsIndex: Concept Index

9.3 sftp

Executing sftp on the client machine invokes sftp-server, without arguments, on the server.

We want to allow our users to use sftp to manage their public_html directories. The sftp-server will be executed with the user’s home directory as root, in a chrooted environment. For this to work, each user’s home must contain a copy of sftp-server (which we’ll place in ~/bin subdirectory) and all files it needs for normal execution: /etc/group and /etc/passwd with one entry (for the user and his group), and, unless the binary is linked statically, all the shared libraries it is linked with, in the subdirectory ~/lib.

Given these prerequisites, the following rule will ensure proper sftp interaction: 

rule sftp-incoming
  match $command ~ "^.*/sftp-server"
  set [0] = "/bin/sftp-server"
  chroot "~"
  chdir "public_html"

Notice the last action. Due to it, users don’t have to type cd public_html at the beginning of their sftp sessions.

This document was generated on June 29, 2019 using makeinfo.

Verbatim copying and distribution of this entire article is permitted in any medium, provided this notice is preserved.