linux – SFTP文件限制

ChrootDirectory
             Specifies a path to chroot(2) to after authentication.  This
             path,and all its components,must be root-owned directories that
             are not writable by any other user or group.  After the chroot,sshd(8) changes the working directory to the user's home directo-
             ry.

             The path may contain the following tokens that are expanded at
             runtime once the connecting user has been authenticated: %% is
             replaced by a literal '%',%h is replaced by the home directory
             of the user being authenticated,and %u is replaced by the user-
             name of that user.

             The ChrootDirectory must contain the necessary files and directo-
             ries to support the user's session.  For an interactive session
             this requires at least a shell,typically sh(1),and basic /dev
             nodes such as null(4),zero(4),stdin(4),stdout(4),stderr(4),arandom(4) and tty(4) devices.  For file transfer sessions using
             ``sftp'',no additional configuration of the environment is nec-
             essary if the in-process sftp server is used,though sessions
             which use logging do require /dev/log inside the chroot directory
             (see sftp-server(8) for details).

             The default is not to chroot(2).