This article covers SFTP chroot directories in SFTP Gateway version 3.x.
Chroot directory location
An SFTP user's chroot directory can point to any S3 bucket and path.
By default, a user's chroot directory points to
in the default S3 bucket.
When creating multiple SFTP users, you should end up with the following structure:
s3://sftpgw-i-abcdefault/ |--users/ | |--user1/ | |--user2/
These chroot directories are all siblings under the
As a result, SFTP users cannot access other users' folders by default.
You can however configure sharing scenarios pointing a user's chroot directory to a parent folder of another user:
s3://sftpgw-i-abcdefault/ |--users/ <-- user3's chroot directory | |--user1/ | |--user2/
To point to a different S3 bucket, you can create a new Cloud Connection.
Access and permissions
SFTP users have access to their chroot directory, and any downstream file or subfolder. The SFTP user cannot traverse to the parent directory of the chroot directory.
Folder permissions default to
Read/Write, but you can change this to
Read Only or
No local disk
All files and folders as seen from the SFTP client are objects on S3.
There is no local storage on the Linux file system. Everything you see is a live view of S3.
Write directly to the chroot directory
With SFTP Gateawy version 3.x, you can now write directly to the chroot directory.
Prior versions of SFTP Gateway used the OpenSSH implementation, which did not let you do this.