again chroot

mouring at etoh.eviladmin.org
Sat Nov 17 02:22:28 EST 2001


I can provide you with a patch that has been floating around (and I've
used to some extent) for chroot sftp-server, but I do chroot() oddly over
here to handle the ~/.ssh/ case.  (No user owns their ~/  and their .ssh
is root owned and chmod 000).  So it is not exactly what Markus suggests.

- Ben

On Fri, 16 Nov 2001, Manfred Heubach wrote:

> > -----Original Message-----
> > From:	Markus Friedl [SMTP:markus at openbsd.org]
> > Sent:	Thursday, 15 November 2001 20:09
> > To:	Manfred Heubach
> > Cc:	'openssh-unix-dev at mindrot.org'
> > Subject:	Re: again chroot
> >
> >
> > make sftp-server setuid root and let it do the chroot itself,
> > depending on a config file, like /etc/sftp-chrootusers
> >
> > but you have to be careful. chroot $HOME is
> > probably not really safe if .ssh is writeable to
> > the user. and so on.
> >
> > -m
>
> Dear Markus,
>
> how do I tell sftp-server about a file like /etc/sftp-chrootusers? I can't
> find any corresponding option. Is this already implemented or do I have to
> do the programming by myself?
>
> Regards
> Manfred
>
