Hi,
I'm using this example https://github.com/pkg/sftp/blob/master/examples/go-sftp-server/main.go to make some tests on an internal sftp-server for data synchronization on multiple servers.
I was able to define some working directories per user, checking the username and defining WithServerWorkingDirectory using serverOptions.
But the users can navigate to other folders using cd .. or cd /directory.
Is there some chance to lock users in the defined working directories?
I was thinking of comparing the output for the current sftp folder with the working directory and throwing some error to the sftp client, but I can't find a way to do it.
Thank you, Pedro

There is no way to guarantee that a user cannot get out of their working directory. You need to use a chroot to do that.
The problem is that one can always do ln -s / root in a directory that you have write permission to, and voila, you can access the whole drive through a ${PWD}/root/ filename prefix, that will pass any such test you can think of to check a prefix on the filename.
I would recommend either implementing a RequestServer or, from the new dev-v2 branch, implementing the ServerHandler, and you can then lock out accesses without a specific prefix.
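As an added example (not from the thread and not pkg/sftp code), this is the kind of path check a custom request handler like the one recommended in the reply would need: it maps the client path into the user's directory and then compares the symlink-resolved result, so the ln -s / root link from the reply is rejected. Confine and Demo are hypothetical names, the directory contents are constructed, and only paths that already exist are accepted.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

var ErrEscape = errors.New("path escapes user directory")

// Confine (hypothetical helper, not a pkg/sftp API) maps a client-supplied
// path into root and rejects it when symlink resolution leads outside root.
func Confine(root, reqPath string) (string, error) {
	realRoot, err := filepath.EvalSymlinks(root)
	if err != nil {
		return "", err
	}
	// Rooting at "/" first collapses ".." and absolute paths; links still need resolving.
	p := filepath.Join(realRoot, filepath.Join("/", reqPath))
	resolved, err := filepath.EvalSymlinks(p)
	if err != nil {
		return "", err
	}
	if resolved != realRoot && !strings.HasPrefix(resolved, realRoot+string(filepath.Separator)) {
		return "", ErrEscape
	}
	return resolved, nil
}

// Demo runs Confine over a constructed user directory holding notes.txt and
// the "root -> /" link from the reply; it returns each request's error.
func Demo() (map[string]error, error) {
	root, err := os.MkdirTemp("", "sftp-user-")
	if err != nil {
		return nil, err
	}
	defer os.RemoveAll(root)
	if err = os.WriteFile(filepath.Join(root, "notes.txt"), []byte("x"), 0o600); err == nil {
		err = os.Symlink("/", filepath.Join(root, "root"))
	}
	out := map[string]error{}
	for _, req := range []string{"../../notes.txt", "/notes.txt", "root/etc"} {
		_, out[req] = Confine(root, req)
	}
	return out, err
}

func main() { fmt.Println(Demo()) }
```

A check followed by a separate open can still be raced if the user swaps a path component for a link in between, which fits the reply's point that only a chroot gives a guarantee.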