ChrootDirectory on a per key basis

Teemu Ikonen tpikonen at
Fri Nov 14 06:47:10 EST 2008

On Sun, Oct 26, 2008 at 5:06 PM, Teemu Ikonen <tpikonen at> wrote:
> Damien Miller wrote:
>> No, letting users chroot to arbitrary directories introduces
>> serious security problems. Think about hard-linking /bin/su into
>> a chroot on the same filesystem where an attacker has filled in
>> a friendly /etc/passwd.
> OK, so adding chrootdir option to authorized keys is a bad idea.
> Another way to achieve my objective, which is additional sftp file access
> restrictions to connections authorized with certain keys, would be to modify
> sftp-server to accept a directory parameter. The authorized_keys could then
> have 'command="sftp-server -d /home/user/stuff"' option to restrict access
> to /home/user/stuff.

Hi again,

I implemented this in sftp-server.c, see the attached patch. The
access restriction is made by checking every received file argument
with a modified version of realpath() (named fakepath), which resolves
the given file name to a real path and fails if this path leads
outside of the directory given in the command line argument.

Comments on the patch (security and otherwise) would be very much welcome.
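The restriction described above, as an added example that is not the attached patch or OpenSSH's sftp-server code: a realpath()-based confinement check in C. It assumes a hypothetical helper confine_path(base, path, out, outlen) and a constructed sandbox built under a temporary directory (a jail, a sibling directory outside it, and a symlink inside the jail pointing out). The case a plain realpath() cannot handle, a final component that does not exist yet because the client is about to upload it, is handled by resolving the parent directory for real and re-appending the leaf.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <libgen.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not OpenSSH code.  Resolve `path` through symlinks and
 * "..", allow a final component that does not exist yet (an upload target),
 * and accept only results inside `base`.  Returns 1 and writes the resolved
 * path to `out` when inside, 0 otherwise.  Callers must use `out`, never the
 * client-supplied string, for the actual file operation. */
int confine_path(const char *base, const char *path, char *out, size_t outlen)
{
    char rbase[PATH_MAX], rpath[PATH_MAX];

    if (realpath(base, rbase) == NULL)
        return 0;                           /* base itself must exist */

    if (realpath(path, rpath) == NULL) {
        char dcopy[PATH_MAX], bcopy[PATH_MAX], rdir[PATH_MAX];
        if (errno != ENOENT || strlen(path) >= sizeof(dcopy))
            return 0;
        /* Only the last component may be missing: resolve the parent for
         * real, then re-append the leaf lexically. */
        strcpy(dcopy, path);
        strcpy(bcopy, path);
        const char *dir = dirname(dcopy);
        const char *leaf = basename(bcopy);
        if (strcmp(leaf, ".") == 0 || strcmp(leaf, "..") == 0)
            return 0;
        if (realpath(dir, rdir) == NULL)
            return 0;                       /* parent missing too: cannot verify */
        int n = snprintf(rpath, sizeof(rpath), "%s/%s",
                         strcmp(rdir, "/") == 0 ? "" : rdir, leaf);
        if (n < 0 || n >= (int)sizeof(rpath))
            return 0;
    }

    /* Prefix test on canonical paths: equal to base, or base followed by '/'. */
    size_t blen = strlen(rbase);
    int inside = strcmp(rbase, "/") == 0 ||
                 (strncmp(rpath, rbase, blen) == 0 &&
                  (rpath[blen] == '\0' || rpath[blen] == '/'));
    if (!inside || strlen(rpath) >= outlen)
        return 0;
    strcpy(out, rpath);
    return 1;
}

/* Constructed sandbox: <tmp>/jail (the confinement root), <tmp>/outside, and
 * <tmp>/jail/escape -> <tmp>/outside.  Returns how many expectations held
 * (6 when all do), or -1 if the sandbox could not be built. */
int run_demo(void)
{
    char root[] = "/tmp/confine.XXXXXX";
    char jail[PATH_MAX], outside[PATH_MAX], lnk[PATH_MAX], sub[PATH_MAX];
    char p[PATH_MAX], out[PATH_MAX];
    int ok = 0;

    if (mkdtemp(root) == NULL)
        return -1;
    snprintf(jail, sizeof jail, "%s/jail", root);
    snprintf(outside, sizeof outside, "%s/outside", root);
    snprintf(lnk, sizeof lnk, "%s/escape", jail);
    snprintf(sub, sizeof sub, "%s/sub", jail);
    if (mkdir(jail, 0700) || mkdir(outside, 0700) || mkdir(sub, 0700) ||
        symlink(outside, lnk))
        return -1;

    ok += confine_path(jail, sub, out, sizeof out) == 1;      /* existing dir inside */
    snprintf(p, sizeof p, "%s/sub/upload.txt", jail);
    ok += confine_path(jail, p, out, sizeof out) == 1;        /* new file inside */
    snprintf(p, sizeof p, "%s/sub/../../outside/x", jail);
    ok += confine_path(jail, p, out, sizeof out) == 0;        /* ".." walks out */
    snprintf(p, sizeof p, "%s/escape/x", jail);
    ok += confine_path(jail, p, out, sizeof out) == 0;        /* symlinked parent is outside */
    ok += confine_path(jail, lnk, out, sizeof out) == 0;      /* the link itself resolves outside */
    snprintf(p, sizeof p, "%s/nodir/file", jail);
    ok += confine_path(jail, p, out, sizeof out) == 0;        /* unknown parent: refuse */

    unlink(lnk); rmdir(sub); rmdir(jail); rmdir(outside); rmdir(root);
    return ok;
}

int main(void)
{
    printf("%d of 6 expectations held\n", run_demo());
    return 0;
}
```

Two points a reviewer of such a check would want settled. First, the server must operate on the resolved path it validated, not on the string the client sent, otherwise the check proves nothing about the open that follows. Second, the check is a snapshot: a client who is allowed to create symlinks inside the directory can change what a name resolves to between the check and the open, so a userland path filter of this kind is weaker than a kernel-enforced boundary such as a chroot whose root is not writable by the user.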

