# sshd2 and chrootusers/groups



## carnivore1 (Aug 12, 2009)

Hey all,

very new to freebsd but so far lovin it. I have a new server setup and running apache and I am now trying to setup access for two different web masters to be able to log in via sftp to add and remove files.

That said, I have installed the ssh2 from ports and I am now trying to setup chrootusers to allow these users to log in with sftp and see thier home directory but not be able to chdir upwards from there.

What I have working currently.....

webmaster group created
users for each webmaster created and added to webmaster group
users home directory pointed to the home directory of their web site.

My problem at the moment......

sftp access is working, and it DOES put them in the home directory I supplied (thier web site root) but they are still able to browse upwards from thier and see each others web directories.

Is there anyway I can prevent this from happening??

thanks for any help.


----------



## crsd (Aug 13, 2009)

Try using shells/scponly with WITH_SCPONLY_CHROOT option.


----------



## DutchDaemon (Aug 13, 2009)

Are you using one or the other?


```
The command [I]sftp-server[/I](8) implements the ``sftp'' file transfer
             subsystem.

             Alternately the name ``[I]internal-sftp[/I]'' implements an in-process
             ``sftp'' server.  This may simplify configurations using
             ChrootDirectory to [I]force a different filesystem root[/I] on clients.
```


```
no additional configuration of the environment is nec-
             essary if the in-process sftp server is used
```


----------



## carnivore1 (Aug 13, 2009)

Thanks so much DutchDaemon, That option was commented out in my sshd2_config file and after uncommenting it and restarting the server all works as expected.


----------

