Directory permissions in chroot SFTP

Michael Masterson mjmasterson at xo.com
Thu Jan 14 10:03:12 EST 2010


>Right, this is on purpose. We ban this because allowing a user write
>access to a chroot target is dangerously similar to equivalence with
>allowing write access to the root of a filesystem.



Could you tell me what the *real* dangers are of allowing SFTP-only users to write to their directories?

We've got a server with a few hundred users that we need to chroot, and would prefer not to have to change what directories they end up in,
and all the users have to have their files placed in the directories by another non-root user. Basically, we've got a couple hundred external
customers that sftp in and either pick up or drop off files, and an internal user process that puts the files in the directories or picks them up.

Changing how all those users access would take well over a year...

-- 
MM
work: 972-509-2375, mobile:469-576-1908



More information about the openssh-unix-dev mailing list