[Discuss] Using sftp without a shell account

[Richard Pieri]

On 1/2/2015 2:34 PM, Bill Horne wrote:
> 1. Does every Open Directory user have to have a "home" directory on the
> master server "/Users" branch, or can it be placed elsewhere or left on
> the user's workstation?

It's possible but it's a bit of a pain. I looked into it a while ago for 
using AFS home directories. In practice, I just use directory skeletons 
and symbolic links to make things look right. Much simpler to manage 
than mucking around with all users' directory information.

> 2. How would you chroot network users with local "home" directories so
> that they're blocked from using them, and limited to the same branch as
> ftp users?

I'd use rssh (OpenSSH restricted shell) and follow rssh's recommended 
practices.

> 3.

Don't know off hand. I don't have an OS X box handy to look.

-- 
Rich P.