I've finally given Mionet the flick and am using ssh via Red Disk as a portal into MBW.
We essentially just use the MBW as centralised storage at home, and for that the standard Windows shares work fine. What we want to do is to extend the functionality using Red Disk so that we can use it while we are out and about (Red Disk is an SFTP client that works pretty much like a drive in Windows - but for all intents and purposes it's the same as WinSCP, just prettier and more Windows-like).
I want to have separate logins for myself and my wife. The standard SFTP connection is fine for me, but I'd like to set up my wife's account so that she can't accidentally go up the directory tree out of the shares area, where she could accidentally cause problems. I've created the separate accounts, and I can log in from both of them, but I don't know how to limit my wife's account to the shares area.
Is chroot my answer? It doesn't need to be secure - she'll never use terminal - it just needs to essentially stop the "cd .." going up beyond the shares directory (I could even live with it being restricted to Internal or Internal/DATA, which is where I've set her home directory). If chroot is the answer, how do I implement it?
The other issue is to ensure that everything remains accessible from the Windows computers behind the firewall. I assume that it's best making sure that all files belong to the www-data group. Is the best way of doing this by adding myself and my wife's account names to etc/groups after the final colon for the www-data group, or will this break things?
Thanks in advance.