是否可以在
Linux上使用SFTP并将用户帐户限制为一个目录,以便不能获得其他目录列表?是的,我必须使用SFTP,FTP仅供喜欢被黑客攻击的人使用.
例如,我希望有人修改/ var / www / code /中的文件,但我不希望他们能够修改其他任何内容.我甚至不希望他们看到内容/ tmp /.
(只要它是安全的,我会接受“快速而肮脏”的解决方案.)
解决方法
从sshd_config手册页:
ChrootDirectory
Specifies a path to chroot(2) to after authentication. This
path,and all its components,must be root-owned directories that
are not writable by any other user or group. After the chroot,sshd(8) changes the working directory to the user's home directo-
ry.
The path may contain the following tokens that are expanded at
runtime once the connecting user has been authenticated: %% is
replaced by a literal '%',%h is replaced by the home directory
of the user being authenticated,and %u is replaced by the user-
name of that user.
The ChrootDirectory must contain the necessary files and directo-
ries to support the user's session. For an interactive session
this requires at least a shell,typically sh(1),and basic /dev
nodes such as null(4),zero(4),stdin(4),stdout(4),stderr(4),arandom(4) and tty(4) devices. For file transfer sessions using
``sftp'',no additional configuration of the environment is nec-
essary if the in-process sftp server is used,though sessions
which use logging do require /dev/log inside the chroot directory
(see sftp-server(8) for details).
The default is not to chroot(2).
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
