>1. Why do you think this change provides effective security?


Specifying the starting directory, and not allowing the user to navigate=
above it effectively locks the user within that directory. =

>2. Have you ever tried to implement something like this, dealing with>symb=

olic links, bind mounts, etc.?
Since you cannot transfer symlinks directly via the scp command, there w=
ouldn't be any in the directories we would be using on the remote system. =

>If you want to confine users effectively, chroot them.

chroot'ing should not be used as a security method, that's been clearly sta=
ted time and again.
__________________________________________________ _______________
Help yourself to FREE treats served up daily at the Messenger Caf=E9. Stop =
by today.
openssh-unix-dev mailing list