While using internal sftp server, need to access files outside chroot

Raghu Udupa rudupa at easylink.com
Fri Jun 8 07:14:35 EST 2012


Angel,

I need to provide a set of users only SFTP access. But files these users put need to be copied to a generic queue directory.

Your first solution of having a custom script to copy the file to generic queue dir would work. 

Can you think of a better way to move files given my requirements?

Thanks,
Raghu

-----Original Message-----
From: Ángel González [mailto:keisial at gmail.com] 
Sent: Thursday, June 07, 2012 5:03 PM
To: Raghu Udupa
Cc: 'openssh-unix-dev at mindrot.org'
Subject: Re: While using internal sftp server, need to access files outside chroot

On 07/06/12 22:47, Raghu Udupa wrote:
> Angel,
>
> When you say "You can make a binary setuid from outside the chroot" do you mean making my custom sshd (with patches required for sftp) to have setuid flag set?
>
> If I turn on setuid bit, sshd does not run properly.
> Could you give me some more detail regarding providing access out of chroot in ssh-sftp (internal sftp) environment?
>
> Thanks,
> Raghu
No. I was thinking of another program which lived inside the chroot and
was called to copy files outside.

I begin to wonder why you need to do so, though. Why do you chroot to a
folder if you then need to move the files anywhere else? What's your use
case?
If it's a simple drop box, you could use an unchrooted process watching
the folder and moving out new files.
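
The drop-box approach suggested above (an unchrooted process watching the folder and moving out new files), sketched as an added example that is not code from this thread or from OpenSSH. The function name `sweep`, the `min_age` quiet period used to guess that an upload has finished, and the queue naming scheme are all assumptions.

```python
import os
import stat
import time
import uuid

def sweep(upload_dir, queue_dir, min_age=5.0, now=None):
    """Move finished uploads from upload_dir into queue_dir; return queued paths."""
    now = time.time() if now is None else now
    queued = []
    for name in sorted(os.listdir(upload_dir)):
        src = os.path.join(upload_dir, name)
        try:
            # The SFTP user controls this directory, so never follow a symlink;
            # O_NONBLOCK keeps a planted FIFO from hanging the watcher.
            fd = os.open(src, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
        except OSError:
            continue  # symlink, vanished entry, or unreadable
        try:
            st = os.fstat(fd)  # inspect the object actually opened, not the name
            if not stat.S_ISREG(st.st_mode) or st.st_nlink != 1:
                continue  # directory, FIFO, device, or hard-linked file
            if now - st.st_mtime < min_age:
                continue  # modified recently: upload may still be running
            # Stage under a dot-name so queue consumers never see a partial file
            # (assumes consumers ignore dot-files).
            tmp = os.path.join(queue_dir, "." + uuid.uuid4().hex + ".part")
            with open(tmp, "xb") as out:
                while chunk := os.read(fd, 1 << 16):
                    out.write(chunk)
                out.flush()
                os.fsync(out.fileno())
        finally:
            os.close(fd)
        # Unique prefix: a user-chosen name cannot overwrite a queued file.
        final = os.path.join(queue_dir, uuid.uuid4().hex + "_" + name)
        os.rename(tmp, final)  # atomic within the queue filesystem
        try:
            os.unlink(src)
        except FileNotFoundError:
            pass  # user already removed it
        queued.append(final)
    return queued
```

Call `sweep` periodically from a service account that can read and unlink in the upload folder and write to the queue directory; the queue itself stays outside every chroot, so SFTP users never get a path to it.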


