chroot SFTP accounts
I had to create user accounts for customers
and give them access to
files to/from secured areas of our server.
We wanted to use
functionality to ensure
that no customer could see other customers' data,
and prevent them from poking around
potentially sensitive areas of the server.
After a bit of trial-and-error,
I've listed the lessons-learned here
in a cook-book fashion
so that in case I ever have to do it again,
I have the steps documented.
This post was spurred to exist thanks to this Reddit post asking about creating an encrypted FTP server on OpenBSD so my reply there became the basis for this post.