chroot sftp-server [PATCH]
Patrick Higgins
phiggins at transzap.com
Thu May 24 10:25:00 EST 2001
I'm working on setting up a semi-trusted sftp service, and to get it
working, I need chroot capability.
I've taken the /./ wuftpd magic token code from contrib/chroot.diff and
put it into the sftp server. The main problem is that privileges have
been dropped by the time the subsystem is exec'ed, so my patch requires
that sftp-server be setuid root. Not ideal, I know, but I drop all
privileges immediately after chroot'ing.
There's probably a better way to find out what the home directory should
be, but I'm currently just using $HOME (only chrooting if it contains
/./, though). I can't use getpwuid(getuid()) because I'm mapping several
users (with different $HOME's) to a single uid. Any ideas?
I've attached my patch. Hopefully it's useful to someone else.
Have you given more thought to how you'd ultimately like this to work,
Markus?
-Patrick Higgins
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: sftp-chroot.diff
Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20010523/fb1859c5/attachment.ksh
More information about the openssh-unix-dev
mailing list