FreeBSD 11.1: chroot users / provide pre-built binaries

Philipp Vlassakakis freebsd-en at
Mon Jun 25 17:45:12 UTC 2018

Hello, everybody,

I am currently looking for a good solution to my „problem“.

Scenario: I have a fileserver with several hundreds local users.

Each user should be locked into his $HOME (so they can’t cd into any other user-directory, /root etc.), but can login via SSH,SFTP and upload files. 
Via ZFS exec,devices,setuid is set to „off", so they can't execute any self-uploaded binaries, except binaries, which are provided by me. (cp, mv, rm, rmdir, sh, touch, chgrp, groups, pwd etc.).
The binaries are included via $PATH.
On the one hand I want to save space, so that the binairies don't have to be in every $HOME, 
on the other hand the work is reduced if a binary needs to be updated.

Is there any simple way to lock users into their Home-Directory without editing sshd_config every time?
Thanks in advance


More information about the freebsd-questions mailing list