ChrootDirectory %h

Peter Thomassen mail at
Sun May 3 03:17:26 EST 2009


Jefferson Ogata schrieb:
> You need to understand the sort of scenario that exists when you allow 
> users to control a directory that someone chroots to.

I now understood the security implications; thank you for your explanation.

But what about this (--> <gtccd8$p1q$1 at>)?

> 4.) A common application is to grant users SFTP access using the internal-sftp feature, and to force them into their home directories. Those users can't execute any binaries because command execution is handled by internal-sftp. In this case, there is absolutely not risk coming from setuid binaries.
> Suggestion: If ChrootDirectory is applied together with ForceCommand internal-sftp in the same context (configuration wide, or in a Match block), do not check for root ownership.

Do you think it is practical and justifiable in terms of security to 
relax this constraint in the limited scope of SFTP?

Because the problem raises mainly in the context of SFTP, this would 
help a lot of people.

Have a nice weekend,

More information about the openssh-unix-dev mailing list