From ArchWiki
Revision as of 12:29, 16 December 2011 by Kynikos (Talk | contribs) (update templates, see Help:Style)

Jump to: navigation, search

This template has only maintenance purposes. For linking to local translations please use interlanguage links, see Help:i18n#Interlanguage links.

Local languages: Català – Dansk – English – Español – Esperanto – Hrvatski – Indonesia – Italiano – Lietuviškai – Magyar – Nederlands – Norsk Bokmål – Polski – Português – Slovenský – Česky – Ελληνικά – Български – Русский – Српски – Українська – עברית – العربية – ไทย – 日本語 – 正體中文 – 简体中文 – 한국어

External languages (all articles in these languages should be moved to the external wiki): Deutsch – Français – Română – Suomi – Svenska – Tiếng Việt – Türkçe – فارسی

Scponly is a limited shell for allowing users scp/sftp access and only scp/sftp access to your box. Additionally, you can setup scponly to chroot the user into a particular directory increasing the level of security.



This guide assumes that you have the sshd daemon installed, configured, and running. See Secure Shell for more information.


Scponly resides in [community] and can be installed like any other package:

# pacman -S scponly

If you have a user already created, simply set the user's shell to scponly

# usermod -s /usr/bin/scponly username

That's it. Go ahead and test it using your favorite sftp client.

Adding a chroot jail

  • Create chroot
# cd /usr/share/doc/scponly/
# ./
  • Provide answers
  • Check that /path/to/chroot has root:root owner and r-x for others
  • Change shell for selected user to /usr/sbin/scponlyc
  • sftp-server may require some libnss modules such as libnss_files. Copy them to chroot's /lib