[Bug 177] chroot tools for OpenSSH 3.1p1
bugzilla-daemon at mindrot.org
Fri Mar 22 08:43:19 EST 2002
http://bugzilla.mindrot.org/show_bug.cgi?id=177
------- Additional Comments From nkadel at bellatlantic.net 2002-03-22 08:43 -------
Well, it wasn't my original idea, I'm just trying to get it implemented
cleanly. It's not "common behavior" for rather different chroot environments,
such as the limited environment of ftpd. That works for anonymous ftpd logins
because the ftpd remains present as the user's interactive shell, interpreting
their commands. To do this for OpenSSH, sshd or something like it would have to
use some kind of restricted shell, maintained and forked off, and it would
prohibit local user login.
By using the "/./" as a flag for the local user, the chroot behavior remains
under root control, the user can use any shell the admin is willing to install
for them, and one can even create shared environments as follows.
nkadel:*:1000:1000:Shared SSH chroot for Nico:/home/shared/./../nkadel:/bin/bash
If I log in locally, or look for my email, I wind up in /home/nkadel. If I come
in via SSH, I wind up in /home/shared.
This as opposed to:
nkadel2:*:1000:1000:chroot SSH for Nico:/home/nkadel/./:/bin/bash
For this, I'd wind up in /home/nkadel in a chroot cage.
Does this make sense? I'd welcome better ideas.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
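The "/./" home-directory convention described in the comment above, as an added example (not code from the comment or from the patch attached to the bug): the C below splits a passwd home field at the first "/./" into a chroot directory and a remainder, and lexically resolves the same field the way a non-chroot login sees it. The function names are hypothetical, and what the patch does with the remainder after chroot is not stated on this page.

```c
#include <stdio.h>
#include <string.h>
/* Added example (hypothetical names). Split a passwd home field at the first
 * "/./": 1 = root/rest filled, 0 = no marker (no chroot), -1 = empty root or small buffer. */
int split_chroot_home(const char *dir, char *root, size_t rsz, char *rest, size_t tsz)
{
    const char *mark = strstr(dir, "/./");
    if (mark == NULL) return 0;
    size_t rlen = (size_t)(mark - dir);
    const char *tail = mark + 3;            /* text after the marker */
    if (rlen == 0 || rlen >= rsz || strlen(tail) >= tsz) return -1;
    snprintf(root, rsz, "%.*s", (int)rlen, dir);
    strcpy(rest, tail);
    return 1;
}

/* Lexically collapse ".", ".." and repeated "/" in an absolute path: what a
 * non-chroot login resolves the field to (symlinks are not followed here). */
int local_view(const char *path, char *out, size_t outsz)
{
    size_t n = 0;
    if (path[0] != '/' || outsz < 2) return -1;
    while (*path) {
        while (*path == '/') path++;
        size_t len = strcspn(path, "/");
        if (len == 0) break;
        if (len == 2 && path[0] == '.' && path[1] == '.') {
            while (n > 0 && out[--n] != '/') ;   /* drop last component */
        } else if (!(len == 1 && path[0] == '.')) {
            if (n + 1 + len >= outsz) return -1;
            out[n++] = '/';
            memcpy(out + n, path, len);
            n += len;
        }
        path += len;
    }
    if (n == 0) out[n++] = '/';
    out[n] = '\0';
    return 0;
}

int main(void)
{   /* the two home fields quoted in the comment above */
    const char *dirs[] = { "/home/shared/./../nkadel", "/home/nkadel/./" };
    char root[256], rest[256], local[256];
    for (int i = 0; i < 2; i++)
        if (split_chroot_home(dirs[i], root, 256, rest, 256) == 1 && local_view(dirs[i], local, 256) == 0)
            printf("%s: ssh chroot=%s rest=\"%s\" local=%s\n", dirs[i], root, rest, local);
    return 0;
}
```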