ChrootDirectory security

Alexander Prinsier aphexer at mailhaven.com
Sun Mar 29 06:21:50 EST 2009


Hello,

I've tried many places, finally ending up here to ask my question: why
is it so vital that the directory used with the ChrootDirectory
directive is root-owned?

Like many people I'm trying to use this in a webhosting environment
where several users get sftp-only access to some directory, usually
something like /home/user/web/part-of-website.

I can be sure that there are no setuid binaries in /home, so that rules
out some possible vulnerabilities. Could anyone tell me what other
problems a non-root-owned chroot directory could create?

Thanks!

(Please CC me).

Alexander
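
Added example, not part of the original post and not OpenSSH's own code: sshd_config(5) requires every component of the ChrootDirectory pathname to be a root-owned directory that is not writable by group or others, and this Python check audits a path such as the one in the post against that rule. The function name `audit_chroot_path` and its `required_uid` parameter are assumptions of this example.

```python
import os
import stat
import sys


def audit_chroot_path(path, required_uid=0):
    """Check every component of `path`, from "/" down to the target.

    Returns a list of (component, problem) tuples; an empty list means each
    component is a directory owned by `required_uid` and not writable by
    group or others. `required_uid` is 0 for real use; it is a parameter only
    so the check can be exercised without root (assumption of this example).
    """
    problems = []
    current = os.sep
    components = [current]
    for part in os.path.abspath(path).split(os.sep):
        if part:
            current = os.path.join(current, part)
            components.append(current)

    for comp in components:
        try:
            # lstat: a symlinked component is reported, not followed
            # (a conservative choice made by this example).
            st = os.lstat(comp)
        except OSError as exc:
            problems.append((comp, "cannot stat: %s" % exc))
            break
        if not stat.S_ISDIR(st.st_mode):
            problems.append((comp, "not a directory"))
            continue
        if st.st_uid != required_uid:
            problems.append((comp, "owned by uid %d" % st.st_uid))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append((comp, "writable by group or others"))
    return problems


if __name__ == "__main__":
    # Default path is the layout from the post; pass another as argv[1].
    target = sys.argv[1] if len(sys.argv) > 1 else "/home/user/web/part-of-website"
    findings = audit_chroot_path(target)
    for comp, why in findings:
        print("%s: %s" % (comp, why))
    sys.exit(1 if findings else 0)
```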


More information about the openssh-unix-dev mailing list