SFTP chroot jail / access basado en comodín

Quiero dar una list de personas con acceso SFTP a / webdocs / ABC * donde leerán y escribirán acceso a solo directorys que coincidan con este comodín. ¿Cómo hago esto? ¿Puedo crear un chroot jaill u otro método a través de SFTP para que estos usuarios solo vean / accedan al comodín?

Dentro del file sshd_config que es lo que configura las instalaciones de sftp, puede hacer lo siguiente:

 AllowGroups sftponly Match Group sftponly ChrootDirectory /webdocs/ABC ForceCommand internal-sftp X11Forwarding no AllowTcpForwarding no PasswordAuthentication yes 

Aunque no creo que vaya a hacer comodines. Por lo tanto, deberá crear instancias separadas de estas reglas dentro del file.

ChrootDirectory

extracto de la página man de sshd config

 $ man sshd_config ... ChrootDirectory Specifies the pathname of a directory to chroot(2) to after authentication. All components of the pathname must be root-owned directories that are not writable by any other user or group. After the chroot, sshd(8) changes the working directory to the user's home directory. The pathname may contain the following tokens that are expanded at runtime once the connecting user has been authenticated: %% is replaced by a literal '%', %h is replaced by the home directory of the user being authenticated, and %u is replaced by the username of that user. The ChrootDirectory must contain the necessary files and directories to support the user's session. For an interactive session this requires at least a shell, typically sh(1), and basic /dev nodes such as null(4), zero(4), stdin(4), stdout(4), stderr(4), arandom(4) and tty(4) devices. For file transfer sessions using “sftp”, no additional configuration of the environment is necessary if the inprocess sftp server is used, though sessions which use logging do require /dev/log inside the chroot directory (see sftp-server(8) for details).