Feature request: allow chrooted directory writable by others
Phil Pennock
phil.pennock at globnix.org
Wed Jul 17 05:48:29 AEST 2019

On 2019-07-15 at 12:24 +0200, Ramón García wrote:
> I am in trouble because sshd refuses to chroot to a directory that is
> writable by users other than the owner.
[...]
>                                              And when one has to work
> with a specified directory layout, required for compatibility with
> existing applications, it makes it very hard to implement a sftp file
> server.

Have you considered using a "bind mount", or "nullfs mount", depending
upon the OS you're using?

If you have one directory layout for compatibility with one application,
you don't need to use the same layout for another application: you can
construct "views" to present the layout needed.

So you'd make a "proper" root directory, with sensible permissions,
`/dev/` and `/etc/` already existing and protected, but then use a
remapping mount ("bind" on Linux, "nullfs" on FreeBSD, other names
elsewhere) to make the tree _also_ available here.  You don't need to
let one app dictate layout and permissions to every other app.

Regards,
-Phil
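
The layout suggested in the message above, sketched as an added example (not part of the original message and not OpenSSH project code): a root-owned jail is built, the application's tree is bind-mounted into it, and the jail path is checked against the ChrootDirectory ownership rule from sshd_config(5). It assumes Linux with GNU stat; the function names, paths and group name are hypothetical placeholders.

```shell
#!/bin/sh
# Added example. Assumes Linux (GNU stat, mount --bind); on FreeBSD the
# equivalent mount is mount_nullfs. All paths and the group name below are
# constructed placeholders.

# sshd_config(5), ChrootDirectory: a directory must be owned by root and not
# writable by group or others. The owner uid is a parameter (default 0).
chroot_dir_ok() {
    dir=$1; owner=${2:-0}
    [ -d "$dir" ] || return 1
    [ "$(stat -c %u "$dir")" = "$owner" ] || return 1
    mode=$(stat -c %a "$dir") || return 1
    [ $(( 0$mode & 022 )) -eq 0 ]      # no group/other write bit
}

# The same rule applies to every component of the path, up to /.
chroot_path_ok() {
    p=$(cd "$1" && pwd -P) || return 1
    while :; do
        chroot_dir_ok "$p" "${2:-0}" || { echo "unsafe: $p" >&2; return 1; }
        [ "$p" = / ] && return 0
        p=$(dirname "$p")
    done
}

# Build the "proper" root and make the application's tree also visible in it.
# Run as root. The application's own directory keeps its permissions.
build_view() {
    jail=$1; appdir=$2; name=$3
    mkdir -p "$jail/dev" "$jail/etc" "$jail/$name" &&
    chown root:root "$jail" "$jail/dev" "$jail/etc" &&
    chmod 755 "$jail" "$jail/dev" "$jail/etc" &&
    mount --bind "$appdir" "$jail/$name" &&
    chroot_path_ok "$jail"
}

# Usage (as root):
#   build_view /srv/sftp/jail /srv/app/shared shared
# sshd_config fragment that then uses the view:
#   Match Group sftpusers
#       ChrootDirectory /srv/sftp/jail
#       ForceCommand internal-sftp
```

The bind mount does not survive a reboot unless it is also recorded in the system's mount table (for example `/etc/fstab` on Linux).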
    
    
More information about the openssh-unix-dev
mailing list