sshd_config ChrootDirectory ambiguity...

Robert Waite winstonwaite at gmail.com
Fri Nov 6 07:22:18 EST 2009


Ah ha! I got ya. Makes perfect sense now. I had shown it to an admin and
also an old-school Linux kernel hacker and both were confused as well.
Thanks for the quick response (to Scott as well)!

On Thu, Nov 5, 2009 at 2:53 PM, Markus Friedl <markus.r.friedl at arcor.de> wrote:

> all components of the pathname
>
> On Thu, Nov 05, 2009 at 02:38:05PM -0500, Robert Waite wrote:
> > Under "ChrootDirectory" there is a line that says,
> >
> > "This path, and all its components, must be root-owned directories
> > that are not writable by any other user or group."
> >
> > When I first read this, "all its components" seemed to mean that
> > all directories and files within this directory must be root owned
> > and root only writable. This seemed odd as I would not be able
> > to allow uploads if this was true.
> >
> > In this ChrootDirectory I have three folders. I set them all to be
> > owned by a non-root user and writable by a group. When I log in, it
> > works just as I hoped and I am able to upload now.
> > I would have figured at the very least that "all its components" would
> > mean that direct children of the ChrootDirectory would have to have the
> > above mentioned restrictions. However, it did work.
> >
> > So my question is... what is meant by "all its components"?
>
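
The reading given in the reply above ("all components of the pathname"), as an added example that is not part of the original thread and is not OpenSSH's code: the ownership and write-permission rule is checked on every prefix of the ChrootDirectory path, from / down to the directory itself, and not on what sits inside it. The /srv/sftp layout, uid 1001 and all function names are constructed for illustration.

```python
import os
import stat

def pathname_components(path):
    """Return '/', '/a', '/a/b', ...: the prefixes of the path, not its children."""
    if not os.path.isabs(path):
        raise ValueError("expected an absolute path")
    prefixes = ["/"]
    for part in filter(None, os.path.normpath(path).split("/")):
        prefixes.append(os.path.join(prefixes[-1], part))
    return prefixes

def component_problems(st):
    """List the ways one component breaks the documented rule, given its stat result."""
    problems = []
    if not stat.S_ISDIR(st.st_mode):
        problems.append("not a directory")
    if st.st_uid != 0:
        problems.append("owned by uid %d, not root" % st.st_uid)
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("group/other writable (mode %o)" % stat.S_IMODE(st.st_mode))
    return problems

def check_chroot_path(path, stat_fn=os.stat):
    """Map each failing component to its problems; an empty dict means the path passes."""
    failures = {}
    for component in pathname_components(path):
        problems = component_problems(stat_fn(component))
        if problems:
            failures[component] = problems
    return failures

# Constructed sample layout: path -> (owner uid, mode). Not taken from a real host.
SAMPLE = {
    "/": (0, 0o40755),
    "/srv": (0, 0o40755),
    "/srv/sftp": (0, 0o40755),
    "/srv/sftp/alice": (0, 0o40755),         # the ChrootDirectory itself
    "/srv/sftp/alice/upload": (1001, 0o40775),  # child: user-owned, group-writable
}

def sample_stat(path):
    """Stand-in for os.stat that answers from SAMPLE, so the example runs anywhere."""
    uid, mode = SAMPLE[path]
    return os.stat_result((mode, 0, 0, 1, uid, 0, 0, 0, 0, 0))

if __name__ == "__main__":
    print(check_chroot_path("/srv/sftp/alice", sample_stat))         # chroot dir passes
    print(check_chroot_path("/srv/sftp/alice/upload", sample_stat))  # would fail as a chroot
```

The writable upload directory does not affect the result for /srv/sftp/alice because it is a child, not a component of that pathname; calling check_chroot_path with only a path uses os.stat on the live filesystem.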

