Is it possible to block users from leaving their home directory?
Solution 1
Why would chroot
be a "huge load on the server"? This is precisely what chroot
was designed to do. There are guides aplenty on the internets that you can follow to get things set up.
Solution 2
SSH has built in chroot features for sftp, with ssh its a bit trickier since the users get to start a fully shell, but its also possible. Check out this howto:
http://www.howtoforge.com/chrooted-ssh-sftp-tutorial-debian-lenny
Related videos on Youtube
samwell
Updated on September 18, 2022Comments
-
samwell over 1 year
I'm creating a webserver, and I will have many users ssh/sftp into it. All they need to do is within their home directory, for example,
/home/user/
.Many people have told me to use chroot, but it seems like it's a little bit too much, plus I'm going to have multiple users log in into the server so it'll be just a huge load on the server.
So to recap, I want to prevent users from leaving their home directory,
/home/user/
. Is this possible?-
Tim Brigham over 12 yearsIt is with chroot..
-
samwell over 12 yearsWould you recommend chroot with multiple users on the server?
-
-
samwell over 12 yearsI read that it can slow down the server and take more memory. Would you recommend it with multiple users ssh/sftp into the server?
-
EEAA over 12 yearsIt's likely that things will be just fine. Just give it a try. If it doesn't end up working, nothing has been lost.
-
jlecour about 3 yearsA chroot does not imply a full OS copy. It depends on what you want available to a user once in the chroot. Also, there is no performance penalty or overhead.