OpenSSH 3.2.2 released : chroot
Pekka Savola
pekkas at netcore.fi
Sat May 18 23:54:22 EST 2002
On Sat, 18 May 2002, Dan Astoorian wrote:
> On Sat, 18 May 2002 06:10:31 EDT, Pekka Savola writes:
> > On Fri, 17 May 2002, Ben Lindstrom wrote:
> > > Out of interest why do you feel it's required to do chroot() at the
> > > OpenSSH level? Why don't you invest time into a shell that does the
> > > chroot() for you? That would work for telnet, ssh, etc. No need to
> > > clutter up OpenSSH with options that can easily be implemented at a higher
> > > level.
> >
> > One word: sftp.
>
> How is sftp different from any other application or subsystem?
Sftp is moderately self-sufficient.
Trying to invent a "magic bullet" for e.g. chrooting a shell is rather
difficult and not really usable for most people (because of the troubles
with populating chroot directories; with sftp there is no such need).
So, really.. the only difference is pragmatic: sftp should be relatively
easy to chroot in practice -- in contrast to e.g. a shell, and very usable
for most people ("ftp + chroot to homedirs replacement").
> If the user's login shell is a wrapper which calls chroot() and then
> runs a real shell, then sftp-server will be wrapped along with anything
> else the user could run via ssh.
A wrapper would be fine by me.
--
Pekka Savola                 "Tell me of difficulties surmounted,
Netcore Oy                   not those you stumble over and fall"
Systems. Networks. Security. -- Robert Jordan: A Crown of Swords
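
The wrapper approach discussed in this thread, sketched as an added example (not part of the original message and not OpenSSH code): a login shell that chroots, drops root irreversibly, then execs a real shell. Assumptions: the binary is installed setuid root under the hypothetical name `jailsh`, the jail is the user's home directory from the passwd entry, and `/bin/sh` plus anything the user may run (such as sftp-server) already exist inside the jail.

```c
#define _DEFAULT_SOURCE 1   /* exposes chroot() and setgroups() on glibc */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

#define REAL_SHELL "/bin/sh"   /* assumption: path as seen inside the jail */

/* A jail root must be a root-owned directory that nobody else can write to. */
int jail_is_safe(const struct stat *st)
{
    return S_ISDIR(st->st_mode) && st->st_uid == 0 &&
           (st->st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* chroot into `jail`, then drop root for good. Returns 0, or <0 naming the failed step. */
int enter_jail(const char *jail, uid_t uid, gid_t gid)
{
    struct stat st;
    if (stat(jail, &st) != 0)                 return -1;
    if (!jail_is_safe(&st))                   return -2;
    if (chroot(jail) != 0 || chdir("/") != 0) return -3; /* chdir: keep no cwd outside */
    if (setgroups(1, &gid) != 0)              return -4; /* must happen while still root */
    if (setgid(gid) != 0 || setuid(uid) != 0) return -5;
    if (uid != 0 && setuid(0) == 0)           return -6; /* root must be unrecoverable */
    return 0;
}

int main(int argc, char **argv)
{
    struct passwd *pw = getpwuid(getuid());   /* real uid = the user who logged in */
    if (pw == NULL) return 111;
    int rc = enter_jail(pw->pw_dir, pw->pw_uid, pw->pw_gid);
    if (rc != 0) {
        fprintf(stderr, "jailsh: refusing to start (step %d)\n", rc);
        return 111;
    }
    /* sshd runs commands and subsystems as "<login shell> -c <command>", so
       forwarding argv unchanged puts sftp-server inside the jail as well. */
    (void)argc;
    argv[0] = REAL_SHELL;
    execv(REAL_SHELL, argv);
    perror("jailsh: execv");
    return 111;
}
```

The ownership check means the jail root itself cannot be writable by the jailed user; writable space has to be a subdirectory inside it.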