Remount Folder Read Only for sharing

[Mr. Gosh]

Hey,

we want to open an sftp share to our wan interface and because I don't want to trust the Unix permissions for reasons I want to create a read only view on a special folder.
I know from Linux, that this is possible, but how do I create something like this persistent in freenas?

Code:

mount -o remount,ro newdir

and than I want to put the ssh user in this as his home directory, and the best it would be to chroot the user to that directory...

How would you do something like that?

 

[anodos]

You may be better off doing the following:
1) Create a jail
2) Nullfs mount the sftp share's dataset into the jail read-only (can be done easily through the GUI via "add storage")
3) Create sftp chroot in jail restricting access to dataset
4) Expose sshd in jail to WAN

 

[SweetAndLow]

You may be better off doing the following:
1) Create a jail
2) Nullfs mount the sftp share's dataset into the jail read-only (can be done easily through the GUI via "add storage")
3) Create sftp chroot in jail restricting access to dataset
4) Expose sshd in jail to WAN

This is exactly what you should do. Don't put freenas directly on the internet. Freenas didn't get security updates but a jail will get updates.