Chroot directories
Overview
This article covers SFTP chroot directories in SFTP Gateway version 3.x.
Chroot directory location
An SFTP user's chroot directory can point to any S3 bucket and path.
By default, a user's chroot directory points to users/<username> in the default S3 bucket.
When creating multiple SFTP users, you should end up with the following structure:
s3://sftpgw-i-abcdefault/
|--users/
| |--user1/
| |--user2/
These chroot directories are all siblings under the users/ folder.
As a result, SFTP users cannot access other users' folders by default.
You can, however, configure sharing scenarios by pointing one user's chroot directory at a parent folder of another user's chroot directory:
s3://sftpgw-i-abcdefault/
|--users/ <-- user3's chroot directory
| |--user1/
| |--user2/
To point to a different S3 bucket, you can create a new Cloud Connection.
Access and permissions
SFTP users have access to their chroot directory, and any downstream file or subfolder. The SFTP user cannot traverse to the parent directory of the chroot directory.
Folder permissions default to Read/Write, but you can change this to Read Only or Write Only.
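An audit sketch for the layout described above, added here as an example and not SFTP Gateway's own code: `find_overlaps` reports which users' chroot directories contain another user's, and `resolve` models the rule that a client path cannot climb above the chroot. The function names and the `user10` entry are assumptions, and the sample mappings are constructed.

```python
import posixpath

# Constructed sample: user -> chroot directory (not exported from a real gateway).
SAMPLE_CHROOTS = {
    "user1": "s3://sftpgw-i-abcdefault/users/user1",
    "user2": "s3://sftpgw-i-abcdefault/users/user2",
    "user10": "s3://sftpgw-i-abcdefault/users/user10",  # assumed, tests the boundary
    "user3": "s3://sftpgw-i-abcdefault/users/",          # sharing scenario
}

def split_s3(uri):
    """Split 's3://bucket/prefix' into (bucket, prefix ending in '/')."""
    if not uri.startswith("s3://"):
        raise ValueError(f"not an S3 URI: {uri!r}")
    bucket, _, prefix = uri[len("s3://"):].partition("/")
    prefix = prefix.strip("/")
    return bucket, (prefix + "/") if prefix else ""

def find_overlaps(chroots):
    """Return sorted (outer, inner) pairs where outer's chroot contains inner's."""
    parsed = {user: split_s3(uri) for user, uri in chroots.items()}
    pairs = []
    for outer, (o_bucket, o_prefix) in parsed.items():
        for inner, (i_bucket, i_prefix) in parsed.items():
            # Prefixes end in '/', so users/user1/ never matches users/user10/.
            if outer != inner and o_bucket == i_bucket and i_prefix.startswith(o_prefix):
                pairs.append((outer, inner))
    return sorted(pairs)

def resolve(chroot_uri, client_path):
    """Map an SFTP client path to an S3 URI, clamping '..' at the chroot root."""
    bucket, prefix = split_s3(chroot_uri)
    # Normalising an absolute path drops any '..' that would climb above '/'.
    rel = posixpath.normpath("/" + client_path).lstrip("/")
    return f"s3://{bucket}/{prefix}{rel}"

if __name__ == "__main__":
    for outer, inner in find_overlaps(SAMPLE_CHROOTS):
        print(f"{outer} can reach {inner}'s chroot directory")
    print(resolve(SAMPLE_CHROOTS["user1"], "../user2/report.csv"))
```

Every pair reported should correspond to a sharing scenario you set up on purpose; anything else is a chroot pointing higher in the bucket than intended.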
No local disk
All files and folders as seen from the SFTP client are objects on S3.
There is no local storage on the Linux file system. Everything you see is a live view of S3.
Write directly to the chroot directory
With SFTP Gateway version 3.x, you can now write directly to the chroot directory.
Prior versions of SFTP Gateway used the OpenSSH implementation, which did not let you do this.