chroot directory ownership
Dmitry V. Levin
ldv at altlinux.org
Tue Feb 21 23:22:53 EST 2012
On Tue, Feb 21, 2012 at 12:40:31PM +0100, Dag-Erling Smørgrav wrote:
> Currently, sshd requires the chroot directory to be owned by root. This
> makes it impossible to chroot users into their own home directory, which
> would be convenient for sftp-only users. Is there a particular reason
> why, in safely_chroot() in session.c,
>
> if (st.st_uid != 0 || (st.st_mode & 022) != 0)
> fatal("bad ownership or modes for chroot "
> "directory %s\"%s\"",
> cp == NULL ? "" : "component ", component);
Most likely, this was made to ensure that the chroot directory itself is
not writable and cannot be made writable by the user, to avoid various
kinds of attacks.
--
ldv
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20120221/2ff98642/attachment.bin>
More information about the openssh-unix-dev
mailing list