again chroot
mouring at etoh.eviladmin.org
Sat Nov 17 02:22:28 EST 2001
I can provide you with a patch that has been floating around (and I've
used to some extent) for chroot sftp-server, but I do chroot() oddly over
here to handle the ~/.ssh/ case. (No user owns their ~/ and their .ssh
is root owned and chmod 000). So it is not exactly what Markus suggests.
- Ben
On Fri, 16 Nov 2001, Manfred Heubach wrote:
> > -----Original Message-----
> > From: Markus Friedl [SMTP:markus at openbsd.org]
> > Sent: Thursday, 15 November 2001 20:09
> > To: Manfred Heubach
> > Cc: 'openssh-unix-dev at mindrot.org'
> > Subject: Re: again chroot
> >
> >
> > make sftp-server setuid root and let it do the chroot itself,
> > depending on a config file, like /etc/sftp-chrootusers
> >
> > but you have to be careful. chroot $HOME is
> > probably not really safe if .ssh is writeable to
> > the user. and so on.
> >
> > -m
>
> Dear Markus,
>
> how do I tell sftp-server about a file like /etc/sftp-chrootusers? I can't
> find any corresponding option. Is this already implemented or do I have to
> do the programming by myself?
>
> Regards
> Manfred
>
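
The ownership preconditions discussed in this thread, written as checks a setuid helper could run before calling chroot(). This is an added example, not part of the original messages and not OpenSSH code; the function names and the exact policy (root-owned path with no group/world write, .ssh not owned by the jailed user) are assumptions.

```c
#define _XOPEN_SOURCE 700   /* lstat(), S_IFDIR, PATH_MAX */
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* Assumed policy: a directory on the jail path must be a real directory,
 * owned by root, and not writable by group or others. A user who owns ~/
 * could rename ~/.ssh and create a new one, so ~/ falls under this too. */
int dir_ok_for_chroot(uid_t owner, mode_t mode)
{
    return S_ISDIR(mode) && owner == 0 && (mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Assumed policy for ~/.ssh inside the jail: not owned by the jailed user
 * and not group/world writable (root-owned with mode 000 passes). */
int ssh_dir_ok(uid_t owner, mode_t mode, uid_t user)
{
    return S_ISDIR(mode) && owner != user && (mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* lstat() "/" and every prefix of an absolute path; a symlink, a missing
 * component or a failed ownership check rejects the whole path. */
int path_ok_for_chroot(const char *path)
{
    char buf[PATH_MAX];
    struct stat st;
    size_t len = strlen(path);

    if (path[0] != '/' || len >= sizeof(buf))
        return 0;
    for (size_t i = 0; i <= len; i++) {
        size_t n = i ? i : 1;           /* first prefix is "/" itself */
        if (path[i] != '/' && path[i] != '\0')
            continue;
        memcpy(buf, path, n);
        buf[n] = '\0';
        if (lstat(buf, &st) != 0 || !dir_ok_for_chroot(st.st_uid, st.st_mode))
            return 0;
    }
    return 1;
}

int main(int argc, char **argv)
{
    const char *jail = argc > 1 ? argv[1] : "/";
    printf("%s: %s\n", jail, path_ok_for_chroot(jail) ? "ok" : "unsafe");
    return 0;
}
```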