chroot'd SFTP
Darren Tucker
dtucker at zip.com.au
Sun Jul 29 13:28:11 EST 2007
Peter Stuge wrote:
> On Sun, Jul 29, 2007 at 12:46:13AM +0300, Richard Storm wrote:
>> /etc/ssh/sshd_config:
>> Match user share
>> X11Forwarding no
>> AllowTCPForwarding no
>> ForceCommand /usr/libexec/sftp-server -C %d
>>
>> pkill sshd; /usr/sbin/sshd
>> and done :)
>
> Couldn't one just use a wrapper script doing the equivalent of the
> patch and then exec:ing sftp-server ?
You could, but if you do the chroot before exec'ing sftp-server then you
would need to put all of the libraries used by sftp-server (and /dev
entries, and whatever else it wants at startup) inside each chroot.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
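
The reply above notes that a wrapper which chroots before exec'ing sftp-server needs every library the binary loads at startup inside each chroot. As an added example (not part of the original message or of OpenSSH), this shell script lists those files from `ldd` output; the function names, the sample `ldd` text and the glibc-style output format are assumptions.

```shell
#!/bin/sh
# Added example: list what a chroot-before-exec wrapper must provide in the jail.

# Constructed sample of glibc `ldd` output (names, paths and addresses are made up).
SAMPLE_LDD='    linux-vdso.so.1 (0x00007ffd0a5f2000)
    libcrypto.so.3 => /lib/x86_64-linux-gnu/libcrypto.so.3 (0x00007f1c2a000000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1c29c00000)
    /lib64/ld-linux-x86-64.so.2 (0x00007f1c2a6d1000)'

# Read `ldd` output on stdin; print each file that must exist inside the jail.
# Returns 1 (and names the library on stderr) if ldd could not resolve one.
ldd_to_paths() {
    awk '
        $2 == "=>" && $3 == "not" { print "unresolved: " $1 | "cat 1>&2"; bad = 1; next }
        $2 == "=>" && $3 ~ /^\//  { if (!seen[$3]++) print $3; next }  # lib => /path
        $1 ~ /^\//                { if (!seen[$1]++) print $1; next }  # dynamic loader
        # other lines (such as linux-vdso) are mapped by the kernel: nothing to copy
        END { exit bad }
    '
}

# jail_manifest BINARY JAIL: print "source -> destination" for the binary and
# every library it loads at startup. Only run ldd on binaries you trust.
jail_manifest() {
    bin=$1
    jail=${2%/}
    deps=$(ldd "$bin" | ldd_to_paths) || return 1
    printf '%s\n' "$bin" "$deps" | while IFS= read -r f; do
        if [ -n "$f" ]; then printf '%s -> %s%s\n' "$f" "$jail" "$f"; fi
    done
}

# Command-line use: script BINARY JAIL
if [ "$#" -eq 2 ]; then jail_manifest "$1" "$2"; fi
```

The /dev entries and other files opened at startup do not appear in `ldd` output and have to be identified separately for each chroot.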
More information about the openssh-unix-dev mailing list