chroot sftp-server [PATCH]
Andrew Bartlett
abartlet at pcug.org.au
Fri May 25 16:32:45 EST 2001
Damien Miller wrote:
>
> On Fri, 25 May 2001, Andrew Bartlett wrote:
>
> > Is there any way of making this work? This is the method I much prefer,
> > and was looking at implementing a while ago. I'm glad somebody's taken a
> > stab at it.
> >
> > I run SFTP specifically because it does not require a ROOT daemon (apart
> > from OpenSSH, which I run already) nor does it require a set-uid
> > binary. Hence my interest in this patch.
>
> I am not too fussed about a setuid sftp-server, so long as it
> does chdir, chroot, setuid as its first actions. IMO this is preferable
> to patch-checking schemes which introduce complexity and may be
> possible to fool.
>
Unfortunately it would (if I understand it correctly) break things like
symbolic links, if they were so unfortunate as to be absolute, rather
than relative, would it not?

For example, I have a 'shared folder' system that uses links from
~/groupname to /home/groups/groupname. I was intending to restrict my
users to files under /home with a patch like this, as it seemed the best
solution.

Anyway, that's my two bob's worth.
Andrew Bartlett
--
Andrew Bartlett
abartlet at pcug.org.au
More information about the openssh-unix-dev mailing list
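
An added example, not part of the original message or the OpenSSH code: a Python check for the concern raised above, that absolute symlinks stop resolving to the same place once the server has chrooted. It walks a prospective chroot directory and reports each absolute link, whether its target would still be found once `/` is that directory, and a relative replacement where the target lies inside it. The function names and the temporary demo tree are constructed for illustration.

```python
import os
import tempfile


def audit_absolute_symlinks(jail):
    """List absolute symlinks under `jail` and how each behaves after chroot(jail)."""
    jail = os.path.realpath(jail)
    findings = []
    for dirpath, dirnames, filenames in os.walk(jail, followlinks=False):
        for name in dirnames + filenames:
            link = os.path.join(dirpath, name)
            if not os.path.islink(link):
                continue
            target = os.readlink(link)
            if not os.path.isabs(target):
                continue  # relative targets resolve from the link's own directory
            # After chroot(jail) the jail is "/", so the target is looked up
            # at jail + target instead of at the host path.
            found = os.path.lexists(os.path.join(jail, target.lstrip("/")))
            # A host target that already lives inside the jail can be
            # re-pointed with a relative link that works in both views.
            norm = os.path.normpath(target)
            fix = None
            if os.path.commonpath([jail, norm]) == jail:
                fix = os.path.relpath(norm, os.path.dirname(link))
            findings.append({"link": link, "target": target,
                             "found_in_jail": found, "relative_fix": fix})
    return findings


def demo():
    """Constructed tree shaped like the message's layout; <tmp>/home is the jail."""
    with tempfile.TemporaryDirectory() as tmp:
        jail = os.path.join(os.path.realpath(tmp), "home")
        os.makedirs(os.path.join(jail, "groups", "groupname"))
        os.makedirs(os.path.join(jail, "user"))
        # Absolute link, like ~/groupname -> /home/groups/groupname
        os.symlink(os.path.join(jail, "groups", "groupname"),
                   os.path.join(jail, "user", "groupname"))
        # Relative link to the same shared directory
        os.symlink("../groups/groupname", os.path.join(jail, "user", "rel"))
        return audit_absolute_symlinks(jail)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Run against the real directory before enabling the chroot; the check only tests that an entry exists at the in-jail location and does not follow further links from there.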