Mac – Setting Up a Chroot User/Group for SSH

“A chroot on Unix operating systems is an operation that changes the apparent root directory for the current running process and its children. A program that is run in such a modified environment cannot name (and therefore normally not access) files outside the designated directory tree. The term “chroot” may refer to the chroot(2) system call or the chroot(8) wrapper program. The modified environment is called a “chroot jail”.”


Why would someone want to do this? Well, sometimes a user doesn’t need access to the entire filesystem and every command to do what they need to do. In my case, I was setting up an SSH SOCKS proxy for some outside collaborators and wanted to limit access to what that SSH user could do on the command line since they didn’t need it. I’ll show you step by step how to set up a chroot jail environment after the jump.

