boblaublaw edited this page Oct 10, 2011 · 1 revision


  • logging: scponly logs time, client IP, username, and the actual request to syslog
  • chroot: scponly can chroot to the user's home directory, disallowing access to the rest of the filesystem.
  • sftp compatibility and sftp-logging compatibility
  • WinSCP 2.0 compatibility
  • rsync compatibility as a compile time option
  • UNISON compatibility
  • subversion compatibility
  • gFTP compatibility.
Instead of just a single anon user, scponly supports configuring potentially many users, each of which could could be set up to provide access to distinct directory trees. Aside from the installation details (see Install), each of these users would have their default shell in /etc/passwd set to "/usr/local/sbin/scponly" (or wherever you choose to install it). This would mean users with this shell can neither login interactively or execute commands remotely. They can however, scp files in and out, governed by the usual unix file permissions.

Notable ./configure Options

Here is the complete list of scponly specific configure options:

Disable Restrictive Filename Checks


Disable Wildcards


Disable gftp Compatibility


Enable WinSCP compatibility


Enable sftp Logging Compatibility


Enable UNISON Compatibility


Enable scp Compatibility


Enable rsync Compatibility


Enable chroot()-ed binary


Disable chroot() Directory Check


Enable svn Compatibility


Enable svnserv Compatibility


Enable passwd Compatibility


Enable quota Compatibility


Specify sftp-server Pathname


Default chdir