Fwd: Permissions in chroot SFTP

Jim Knoble jmknoble at pobox.com
Thu Nov 13 09:41:37 EST 2008


Circa 2008-11-11 06:39 dixit Carlo Pradissitto:

: I configured openssh 5.1p1 for sftp server.
: 
: Here the specifications in sshd_config file:
: 
: Subsystem     sftp   internal-sftp
: Match Group sftp
:     ForceCommand internal-sftp
:     ChrootDirectory /home/%u
:     AllowTcpForwarding no
: 
: When a user is logged in, he can't upload his document and he receives
: this message:
: 
: carlo at Music:~$ sftp user at 213.217.147.123
: Connecting to 213.217.147.123...
: user at 213.217.147.123's password:
: sftp> put prova
: Uploading prova to /prova
: Couldn't get handle: Permission denied
: sftp>

  [...]

You don't want the user to have write permissions to the chroot
directory.  If you do, the user has the potential to gain root
privileges inside the chroot.

Best is to make the chroot directory owned by root, as sshd is trying to
tell you.  Create a user-writable directory under the chroot directory
instead.

-- 
jim knoble  |  jmknoble at pobox.com  |  http://www.pobox.com/~jmknoble/
(GnuPG key ID: C6F31FFA  >>>>>>  http://www.pobox.com/~jmknoble/keys/ )
(GnuPG fingerprint: 99D8:1D89:8C66:08B5:5C34::5527:A543:8C33:C6F3:1FFA)
+----------------------------------------------------------------------+
|[L]iberty, as we all know, cannot flourish in a country that is perma-|
| nently on a war footing, or even a near-war footing.  --Aldous Huxley|
+----------------------------------------------------------------------+

