I have several clients that will access my NAS via SFTP. The connections are working fine, but...
Assuming a structure like this: /mnt/array1/SharedFTP/
Where "SharedFTP" is the shared folder that a client has RW access to.
When they connect, even if they only have access to the share "SharedFTP", they end up in /mnt/. Of course, they can't read or write anything, but they are forced to navigate into /array1/SharedFTP in order to do anything.
Is there any way to force FTP/SFTP connections to only open in a specific folder? Something like a ChrootDirectory as described here: https://man.openbsd.org/sshd_config ?
I think you are correct that the chroot method is the preferred/secure way of accomplishing that. You may be able to accomplish something similar by setting the user's home directory to /mnt/array1/SharedFTP.
I don't believe that the stock firmware has a way for you to do this directly.
Depending on the model, you could set up Debian on the device and then configure it as you see fit:
https://github.com/1000001101000/Debian_on_Buffalo
You could also try doing this by modifying the user accounts/ssh config from a root shell. This could have unwanted side effects and should only be done if you have a backup and are prepared to re-install if something goes wrong. That said, there is a tool for enabling shell access:
https://github.com/1000001101000/acp-commander
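Added example, not part of the thread and not taken from the firmware or the linked projects: sshd refuses a ChrootDirectory unless every component of the path is root-owned and not writable by group or others, so a share the client writes to directly cannot itself be the chroot. The script below checks a candidate path and prints a Match block that chroots to the parent and starts the session in the share. It assumes a stock OpenSSH sshd (for example under the Debian install mentioned above) and GNU or BusyBox `stat`; the user name `client1` is hypothetical.

```shell
#!/bin/sh
# Added example. Assumptions: OpenSSH sshd, stat supporting -c,
# hypothetical SFTP user "client1".

# perm_ok UID MODE: true if a path component meets sshd's chroot rule:
# owned by root (uid 0) and not writable by group or others.
perm_ok() {
    [ "$1" = 0 ] && [ $(( 0$2 & 022 )) -eq 0 ]
}

# check_chroot_path DIR: walk DIR and every parent up to /, printing each
# component sshd would reject. Returns 0 only if all components pass.
check_chroot_path() {
    p=$(cd "$1" 2>/dev/null && pwd -P) || { echo "no such dir: $1"; return 2; }
    rc=0
    while :; do
        uid=$(stat -c %u "$p")
        mode=$(stat -c %a "$p")
        if ! perm_ok "$uid" "$mode"; then
            echo "REJECT $p (uid=$uid mode=$mode)"
            rc=1
        fi
        [ "$p" = / ] && break
        p=$(dirname "$p")
    done
    return $rc
}

# match_block USER CHROOT STARTDIR: print an sshd_config fragment that
# jails USER in CHROOT and opens the session in STARTDIR (relative to it).
match_block() {
    cat <<EOF
Match User $1
    ChrootDirectory $2
    ForceCommand internal-sftp -d $3
    AllowTcpForwarding no
    X11Forwarding no
EOF
}

# Usage: ./chroot_check.sh /mnt/array1
if [ $# -gt 0 ]; then
    check_chroot_path "$1" && match_block client1 "$1" /SharedFTP
fi
```

With this layout the client lands in /SharedFTP and cannot navigate above /mnt/array1, though the names of other directories under /mnt/array1 remain visible in listings.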