FTP / SFTP home folders

karlexceed · June 16, 2020, 12:54:06 PM

I have several clients that will access my NAS via SFTP. The connections are working fine, but...

Assuming a structure like this: /mnt/array1/SharedFTP/
Where "SharedFTP" is the shared folder that a client has RW access to.

When they connect, even if they only have access to the share "SharedFTP", they end up in /mnt/. Of course, they can't read or write anything, but they are forced to navigate into /array1/SharedFTP in order to do anything.

Is there any way to force FTP/SFTP connections to only open in a specific folder? Something like a ChrootDirectory as described here: https://man.openbsd.org/sshd_config ?

1000001101000 · June 16, 2020, 02:04:27 PM

I think you are correct that the chroot method is the preferred/secure way of accomplishing that. You my be able to accomplish something similar by setting the user's home directory to /mnt/array1/SharedFTP.

I don't believe that the stock firmware has a way for you to do this directly.

Depending on the model, you could set up Debian on the device and then configure it as you see fit:
https://github.com/1000001101000/Debian_on_Buffalo

You could also try doing this by modifying the user accounts/ssh config from a root shell. This could have unwanted side effects and should only be done if you have a backup and are prepared to re-install if something goes wrong. That said there is a tool for enabling shell access:
https://github.com/1000001101000/acp-commander

News:

FTP / SFTP home folders

karlexceed

1000001101000