sftp chroot requirements

Stephan Leemburg sleemburg at it-functions.nl
Sat May 2 00:24:51 AEST 2015


Is there any security reason why the last component of a chroot path
is required to be owned by root and not by the user that is chroot-ed
into that path?

I have tried to think of a reason, but cannot find any except for when
several accounts are chrooted into the same directory. But if that is not
the case, then, is there any security consideration?

If not, then it seems to me that permitting the last component to be owned
by the user that is chrooted into it (maybe by a configuration option) would
be very comfortable.

I am currently in the process of - gradually - changing a chrooted vsftpd
environment into a chrooted sftp setup. For the time being, both must run
simultaneously until every 'user' has been migrated. This is an operational
environment, that is used for uploading teletekst data for the Dutch national
broadcasting agency, so it must continue to function.

The home directories into which vsftpd chroots the users are owned by the users.
They write directly into their home directories. Changing that will break
interfaces. So, if chroot-sftp would - optionally - allow the final component 
to be owned by the user that would work.

I'm looking forward to hearing about the rationale why all components should be
owned by root, or if the last component indeed does not have to be.

Kind regards,
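
An added example, not part of the original post and not OpenSSH code: a pre-migration audit that walks every component of a candidate chroot path and reports the ones that would fail the rule documented for ChrootDirectory in sshd_config(5) (each component a root-owned directory, not writable by group or others). The function name and the `owner_uid` parameter are hypothetical; `owner_uid` exists only so the check can be exercised without root.

```python
import os
import stat
import sys


def audit_chroot_path(path, owner_uid=0):
    """Return (component, problem) pairs for each prefix of `path` that
    breaks the ChrootDirectory ownership/mode rule."""
    if not os.path.isabs(path):
        raise ValueError("chroot path must be absolute")
    problems = []
    component = "/"
    # Check "/" first, then every deeper prefix down to the final component.
    for part in [""] + [p for p in path.split("/") if p]:
        if part:
            component = os.path.join(component, part)
        try:
            st = os.stat(component)
        except OSError as exc:
            problems.append((component, "cannot stat: %s" % exc.strerror))
            break
        if not stat.S_ISDIR(st.st_mode):
            problems.append((component, "not a directory"))
            break
        if st.st_uid != owner_uid:
            problems.append((component, "owned by uid %d, expected %d"
                             % (st.st_uid, owner_uid)))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append((component, "writable by group or others (mode %o)"
                             % stat.S_IMODE(st.st_mode)))
    return problems


if __name__ == "__main__":
    # Usage: python3 audit_chroot.py /path/to/chroot [...]
    for target in sys.argv[1:]:
        for component, problem in audit_chroot_path(target):
            print("%s: %s" % (component, problem))
```

Run against the existing vsftpd home directories, it lists the user-owned final components, which are exactly the ones the question is about.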

More information about the openssh-unix-dev mailing list