Is there any method, with ChrootDirectory and internal-sftp, to automatically cd to a subdir on login?

Whit Blauvelt whit at transpect.com
Fri May 18 03:08:54 EST 2012


On Thu, May 17, 2012 at 12:29:26AM +0200, Ángel González wrote:
> On 16/05/12 23:27, Peter Stuge wrote:
> > Ángel González wrote:
> >> Peter Stuge wrote:
> >>> set the home directory to /files for the relevant users
> >> If the user folder is /home/username, just change the
> >> ChrootDirectory to /home/%u, and then make their home
> >> /home/user1/files
> > As I wrote, the home directory should be /files in that case.
...
> Right. Sorry for the confusion. Their home directory should be /files,
> which would map to /home/user1/files, but you set it to /files

Thanks for the clarifying advice. I hadn't realized that the home directory
cd'd to is relative to the chroot. 

I still can't see how to get this to suffice in my setup though. For one
thing it's not a single directory branch. There are users at

  /path/one/userXdir and
  /path/two/userYdir

Also 

  userXdir != userid

so /home/%u does not capture the layout. I need some way to work from the
home dir as given in /etc/passwd, so that it would chroot to that and then
cd to

  /path/one/userXdir/files

The problem with the OpenSSH approach described so far is that there's no
apparent way to specify the chrootdir for systems with more complicated
layouts than can be expressed in a formula like /home/%u. Or can it?

Whatever the weakness of scponly's design, the specification of a home dir
takes the form of

  /path/one/userXdir//files

resulting in a chroot to /path/one/userXdir/ and a cd to /files. So it
handles a situation where there's both a /path/one and a /path/two fine, and
where the userXdir != uid. It would still be good to find a way to get
equivalent functionality using the OpenSSH internal sftp without scponly,
but from my clearer understanding now, it looks like there's no way.

Thanks again,
Whit
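
The following is an added example, not part of the original message or of OpenSSH or scponly: it converts scponly-style `chroot//startdir` home fields, as described above, into per-user `Match` blocks for sshd_config. It assumes a server new enough to support the `-d` start-directory option of `internal-sftp` (OpenSSH 6.2 or later, which postdates this thread); the passwd entries, user names and shell path are constructed.

```python
import posixpath
import re

# Constructed sample passwd entries using scponly's "chroot//startdir" home field.
SAMPLE_PASSWD = """\
userx:x:1001:1001::/path/one/userXdir//files:/usr/sbin/scponlyc
usery:x:1002:1002::/path/two/userYdir//files:/usr/sbin/scponlyc
admin:x:1000:1000::/home/admin:/bin/bash
bad:x:1003:1003::/path/one/../etc//files:/usr/sbin/scponlyc
"""
USER_RE = re.compile(r"^[a-z_][a-z0-9_-]*$")


def split_home(home):
    """Split 'chroot//start' into (chroot, start); None if there is no '//' marker."""
    if ".." in home.split("/") or re.search(r"\s", home):
        raise ValueError(f"unsafe home field {home!r}")  # would mislead or break the config
    chroot, sep, start = home.partition("//")
    if not sep or not chroot.startswith("/"):
        return None
    return posixpath.normpath(chroot), "/" + start.strip("/")


def match_blocks(passwd_text):
    """Return (sshd_config text, user names rejected for unsafe home fields)."""
    blocks, rejected = [], []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7 or not USER_RE.match(fields[0]):
            continue
        try:
            parts = split_home(fields[5])
        except ValueError:
            rejected.append(fields[0])
            continue
        if parts is None:
            continue  # ordinary account without '//': leave it alone
        blocks.append(
            f"Match User {fields[0]}\n"
            f"    ChrootDirectory {parts[0]}\n"
            # -d is resolved inside the chroot; assumes OpenSSH 6.2 or later
            f"    ForceCommand internal-sftp -d {parts[1]}\n"
        )
    return "\n".join(blocks), rejected


if __name__ == "__main__":
    config, rejected = match_blocks(SAMPLE_PASSWD)
    print(config)
    print("# rejected:", rejected)
```

sshd refuses a ChrootDirectory unless every component of the path is owned by root and not writable by group or others, so the generated blocks only work once the directories meet that requirement.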


More information about the openssh-unix-dev mailing list