LinuxQuestions.org
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Old 01-03-2014, 01:51 PM   #1
guruguy
LQ Newbie
 
Registered: Jan 2014
Posts: 6

Rep: Reputation: Disabled
sftp / chroot - vsftpd vs mysecureshell vs other ?? best ?


Running Debian; trying to determine the best solution for an SFTP server.

vsftpd appears to be my current best choice, mostly because it's supported by the distribution; but I'm not sure it meets my needs.
ADDENDUM: NOT. vsftpd does NOT have ANYTHING to do w/ SFTP! What a POORLY named package!!!
I know mysecureshell meets my needs; but it's a SourceForge project, and not directly supported by the deb dist.

Here's where my needs cause problems - especially with chroot/openssh:
I have 2 classes of users on this sftp server:
"users" and "managers". The problem is that managers need group "rw" rights, and normal chroot does not allow for ANY group "w" rights.

Users must be chroot'ed to /home/chroot/home/<username>.
Users belong to the chroot group (sshd Matching).
Their home dir on down all needs to be group owned by chmgr.
Home dir on down should all be chmod 770 (dirs) / 660 (files), so <user> and managers (chmgr group) all have rw access to files and rwx on dirs, with other having no rights at all.

Managers ideally chroot'ed to /home/chroot/home.
They can access all <username> folders, and transfer files in/out of each.
They belong to the chmgr group.


So - yes, I know I can chmod 750 the <username> dir, and then use sub-dirs under that which are chmod 770; but this is messy, and forces another layer of dirs I'd prefer not to have.

SCRATCH THIS:
So I guess my main question, simply, is - can I do what I want with:
- vsftpd ? (preferred as it is dist. supported) WRONG - NO SFTP AT ALL!
- other ?
- mysecureshell - I KNOW this will do what I want; but not dist. supported.

My question is even simpler now. What the hell do people use for SFTP that does a proper chroot under my conditions ???


What do demanding admins choose as their preferred sftp server ?
TIA - Bob

Last edited by guruguy; 01-03-2014 at 04:09 PM.
 
Old 01-03-2014, 05:19 PM   #2
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Welcome to LQ!

I managed to do something similar using
http://askubuntu.com/questions/13442...to-their-homes

post from josircg dated Oct 25 '12 at 17:54

I never could get "Match Group" to work.
I noticed that the ChrootDirectory cannot be symlinked to a mount.

Good luck.
 
Old 01-06-2014, 03:58 PM   #3
guruguy
LQ Newbie
 
Registered: Jan 2014
Posts: 6

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Habitual
I managed to do something similar using
http://askubuntu.com/questions/13442...to-their-homes

post from josircg dated Oct 25 '12 at 17:54

I never could get "Match Group" to work.
I noticed that the ChrootDirectory cannot be symlinked to a mount.

TYVM for your reply, Hab.

I have no problem getting "Match group" to work.
My main problem is I wanted to avoid having to have a whole 'nother dir under the users' home dir, JUST because OpenSSH won't chroot without "%h" being owned by root, and NO group "w" perms.

I NEED a group "w" so managers can access various <user %h> dirs.
And needing to put a dir under %h for no other reason than to provide <user> ownership and group "w" seems sloppy, confusing, and outright silly.

I've still not found a "clean" way to do this....
"MySecureShell" does a FAR better job, but it's not supported on the wheezy dist. So that's not my first choice....
 
Old 01-06-2014, 05:07 PM   #4
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
I have never delved into chroot.
Sorry about that.

Others here will chime in, don't despair

Happy New Year!
 
  

