Privilege "User - System: Copy files to home directory (chrooted scp)"
We are trying to enable a user to connect to pfsense via SFTP (or SCP) and copy a file FROM their home directory.
In 2.3+, there is an user privilege "User - System: Copy files to home directory (chrooted scp)".
However, by assigning this by itself and connecting doesn't work; in System log the following appears:
Dec 3 17:40:19 scponly 67159 failed: /usr/libexec/sftp-server with error No such file or directory(2) (username: testuser(2000), IP/port: xxx.xxx.xxx.xxx 50690 22)
Ok, so in the privilege there is a cryptic reference to the following:
Warning: Manual chroot setup required, see /usr/local/etc/rc.d/scponlyc
I opened the file, but it doesn't explain how to do this chroot setup.
I found the following information regarding all this:
# Set it to "YES" to enable scponly
To setup chroot cage, run the following commands:
1) cd /usr/local/share/examples/scponly/ && /bin/sh setup_chroot.sh
2) Set scponlyc_enable="YES" in /etc/rc.conf
3) Run /usr/local/etc/rc.d/scponly start
So my question is whether
a) This is the right way to grant SFTP/SCP-read only access to the home directory and
b) Whether there is a better way.
Any help would be appreciated.