chrooting/jailing - put it in the FAQ?

Peter Watkins peterw at usa.net
Sat May 25 14:33:47 EST 2002


On Thu, May 23, 2002 at 06:20:12PM -0500, Ben Lindstrom wrote:

> Why don't you just change the user's shell to /path/to/scpjail ?  By doing
> it this way you capture all subsystems, standard logins and remote
> commands by just reading the command line and looking at anything past
> the first -c.  I don't see a reason why one needs to use command="".
> 
> The other question is should SSH_ORIGINAL_COMMAND reflect subsystem calls?

I'd like to suggest that the official OpenSSH FAQ cover the chroot topics.
Chroot jails, whatever folks may think of their merits, are frequently
requested. It would be wonderful if the core team could use the FAQ to
explain the development position and perhaps outline suggested ways that
admins could implement chroot jails, via small wrappers, alternate shells,
whatever.

-- 
Peter Watkins - peterw at tux.org - peterw at usa.net - http://www.tux.org/~peterw/ 
Private personal mail: use PGP key F4F397A8; more sensitive data? Use 2D123692



More information about the openssh-unix-dev mailing list