sftp-server and chroot
Jonas Lehmann
dalco_lehmann at hotmail.com
Fri Dec 28 01:02:13 EST 2001
Hi,
It's a shame that the sshd/sftp-server programs do not support chroot and
sftp-only users. As far as I can tell, there's a patch available that
modifies OpenSSH to chroot() based on a specific entry in /etc/passwd.
Since I personally do not enjoy applying unofficial patches to released
programs, I was looking for an alternative but found none.
I've written a small sample program 'sftpsh' which acts as a shell
replacement for sftp-only users. The 'sftpsh' is assigned to users in
/etc/passwd and is used instead of fully functional shells such as
/bin/bash.
'sftpsh' is primitive and only performs two tasks. First it changes the
root directory to the user's home directory (chroot($HOME)) and then it
exec's the 'sftp-server'. Since chroot() can only be invoked successfully
as root, 'sftpsh' unfortunately has to run as root. The first thing
'sftpsh' does is chroot() followed by resetting the uid/gid.
The source for 'sftpsh' is available from
http://www.jonaslehmann.info/linux/sftpsh.c .
If there's a more official way to accomplish this without patching or
additional programs, I'd appreciate pointers.
Regards,
-Jonas
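
The sequence described in the message above (chroot into the home directory, reset the uid/gid, exec sftp-server), as an added C example that is not the author's sftpsh.c. Assumptions: the wrapper is installed setuid-root so the real uid/gid are the logging-in user's, a copy of sftp-server and its libraries exists inside each jail at the hypothetical path /bin/sftp-server, and jail_and_drop is a name chosen here.

```c
#define _DEFAULT_SOURCE 1   /* chroot() and setgroups() on glibc */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumption: sftp-server (and its libraries) was copied into each jail here. */
#define JAILED_SFTP_SERVER "/bin/sftp-server"

/* Confine the process to `dir`, then irreversibly become uid/gid.
 * Returns 0 on success, -1 on any failure (the caller must not exec). */
int jail_and_drop(const char *dir, uid_t uid, gid_t gid)
{
    if (dir == NULL || dir[0] != '/')   /* only absolute jail paths */
        return -1;
    if (uid == 0 || gid == 0)           /* never "drop" to root */
        return -1;
    if (chroot(dir) != 0)               /* needs root, so it comes first */
        return -1;
    if (chdir("/") != 0)                /* a cwd left outside the jail stays reachable */
        return -1;
    if (setgroups(1, &gid) != 0)        /* shed root's supplementary groups */
        return -1;
    if (setgid(gid) != 0)               /* gid before uid: this still needs root */
        return -1;
    if (setuid(uid) != 0)               /* as root: sets real, effective and saved uid */
        return -1;
    if (setuid(0) == 0 || geteuid() != uid || getegid() != gid)
        return -1;                      /* root must not be recoverable */
    return 0;
}

int main(void)
{
    /* Home is read from the passwd database before chroot(), not from the
     * caller-controlled $HOME environment variable. */
    struct passwd *pw = getpwuid(getuid());
    if (pw == NULL || jail_and_drop(pw->pw_dir, getuid(), getgid()) != 0) {
        fprintf(stderr, "sftpsh: cannot confine session\n");
        return 1;
    }
    execl(JAILED_SFTP_SERVER, "sftp-server", (char *)NULL);
    perror("sftpsh: exec sftp-server");  /* reached only if exec failed */
    return 1;
}
```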
More information about the openssh-unix-dev
mailing list