[TriLUG] sftp without shell access?

[Scott Lundgren]

>
> One option is to set the shell to be the sftp-server (don't forget to 
> add it to /etc/shells).  The only problem with that is it doesn't 
> chroot them.  So they could still wander around the file system with 
> sftp client.  You can find various patches to implement the chroot if 
> you google for "sftp chroot."  One of them is here:

Matt,

have you used this tool? The being able to wander around the filesystem 
concerns me. Would this wandering only be confined to where their 
permissions allowed read access?

thanks,
Scott