Chroot SFTP for standard users

moutonjr1 · May 9, 2020, 6:00pm

Hi team:
One useful feature would be to enable chroot+sftp force for yunohost users ; this could enable them to connect without the risk of overpass their use cases.
In my server, I as full admin should be the only one to have a shell access, for SoD purposes.

For example:
When creating multi custom web app that could be managed by yunohost user, bind webapp to chrootes user’s home for, that enables him to see his webapp only.

When using NextCloud: one could upload/download files through SFTP that would be integrated in the app by a cron job

Etc.
What are your thoughts about this?

SohKa · May 9, 2020, 6:13pm

Hi !

You can already give a chrooted sftp access to your users with the command sudo yunohost user ssh.

You can list the options with :

sudo yunohost user ssh --help

Aleks · May 9, 2020, 7:27pm

Hm I doubt that it is chrooted though

SohKa · May 10, 2020, 7:46am

Oops, you’re right. It’s the my_webapp app that set up chrooted sftp access (when the user is part of the sftpusers group).