chroot directory ownership

Dag-Erling Smørgrav des at
Wed Feb 22 00:13:45 EST 2012

"Dmitry V. Levin" <ldv at> writes:
> Most likely, this was made to ensure that the chroot directory itself is
> not writable and cannot be made writable by the user, to avoid various
> kinds of attacks.

Sure, but *which* attacks?

Currently, if I don't want sftp-only users to see each other's home
directories, I have to have two levels of directories: /home/$USER owned
by root and /home/$USER/$USER owned by the user.  Alternatively (note: I
haven't tested this) I can chmod o-rw /home so users can't ls /home but
can still access /home/$USER, but they'll be able to tell whether other
directories exist because they will get EPERM instead of ENOENT.  Not a
big deal, perhaps, but wouldn't it be simpler if you could just chroot
users to their ~?

Dag-Erling Smørgrav - des at
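An added check, not code from the thread or from OpenSSH, that walks a ChrootDirectory path the way sshd's documented rule does: every component from / down to the chroot must be a root-owned directory that is not writable by group or others. `demo()` builds the two-level /home/$USER/$USER layout described above in a scratch directory and tests ownership against the current uid, since the example cannot chown; `trusted_uid` and `top` are parameters of this example only.

```python
import os
import stat
import tempfile


def ancestors(path):
    """Return every component from / down to path, e.g. ['/', '/home', '/home/alice']."""
    path = os.path.abspath(path)
    chain = []
    while True:
        chain.append(path)
        parent = os.path.dirname(path)
        if parent == path:
            break
        path = parent
    return list(reversed(chain))


def chroot_path_problems(chroot, trusted_uid=0, top="/"):
    """List (component, reason) for components of chroot, from top downward, that
    sshd's ChrootDirectory rule would reject. sshd itself always checks from /."""
    top = os.path.abspath(top)
    problems = []
    for comp in ancestors(chroot):
        if not (comp == top or comp.startswith(top.rstrip("/") + "/")):
            continue  # above the caller-chosen top; skipped only in this demo
        try:
            st = os.stat(comp)
        except OSError as e:
            problems.append((comp, "cannot stat: %s" % e.strerror))
            break
        if not stat.S_ISDIR(st.st_mode):
            problems.append((comp, "not a directory"))
            break
        if st.st_uid != trusted_uid:
            problems.append((comp, "owned by uid %d, expected %d" % (st.st_uid, trusted_uid)))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append((comp, "writable by group or others (mode %04o)" % stat.S_IMODE(st.st_mode)))
    return problems


def demo():
    """Constructed layout: base/alice is the chroot target, base/alice/alice the user's home."""
    base = tempfile.mkdtemp()
    me = os.getuid()
    outer = os.path.join(base, "alice")   # must be 'root'-owned (here: current uid) and not g/o-writable
    inner = os.path.join(outer, "alice")  # the user's own writable directory inside the chroot
    os.mkdir(outer, 0o755)
    os.mkdir(inner, 0o700)
    os.chmod(base, 0o755)
    good = chroot_path_problems(outer, trusted_uid=me, top=base)
    os.chmod(outer, 0o775)  # group-writable chroot dir: rejected
    bad_mode = chroot_path_problems(outer, trusted_uid=me, top=base)
    os.chmod(outer, 0o755)
    bad_owner = chroot_path_problems(outer, trusted_uid=me + 1, top=base)  # wrong owner on both levels
    return {"good": good, "bad_mode": bad_mode, "bad_owner": bad_owner}
```

Run `demo()` to see the accepted layout return no findings while the group-writable and wrongly owned variants each produce findings for the offending components.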