Would it be possible to make the checks for chroot directories more flexible?
Ramón García
ramon.garcia.f at gmail.com
Fri Aug 4 03:25:46 AEST 2023
When I try to set up an OpenSSH server, the error appears when I attempt to log in:
fatal: bad ownership or modes for chroot directory component "/"
The problem with this check is that it forces me to make my setup less
secure. In my setup, OpenSSH is running inside a container. The home
directory appears to be owned by nobody, but it is actually owned by
root of the host machine, and for further security, this root user is
not accessible inside the container. Thus, even if someone finds a
vulnerability in OpenSSH and is able to run as the root user, he is
inside the container, and cannot write to most of the directories of
the container.
So this check makes it more difficult to improve the security of my system.
Could you please consider an option to disable this check or to make
it more flexible? For me, an alternative user to "root" for the check
would be enough.
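
To see which path component trips the check quoted above, the following added example (not part of the original post and not OpenSSH code) applies the rule documented for `ChrootDirectory` in sshd_config(5): every component of the path must be a root-owned directory that is not writable by group or others. The sample tree is constructed, uid 65534 is assumed to be the "nobody" uid seen inside the container, and `required_uid` is a hypothetical parameter of this script, not an sshd setting.

```python
import os
import stat
from collections import namedtuple

# Constructed stand-in for os.stat_result so the audit can run on sample data.
FakeStat = namedtuple("FakeStat", "st_mode st_uid")


def chroot_components(path):
    """Yield "/" and then each longer prefix of an absolute path."""
    if not os.path.isabs(path):
        raise ValueError("chroot path must be absolute")
    parts = [p for p in path.split("/") if p]
    yield "/"
    for i in range(1, len(parts) + 1):
        yield "/" + "/".join(parts[:i])


def audit_chroot(path, stat_fn=os.stat, required_uid=0):
    """Return [(component, reason), ...] for every component breaking the rule."""
    problems = []
    for comp in chroot_components(path):
        st = stat_fn(comp)
        if not stat.S_ISDIR(st.st_mode):
            problems.append((comp, "not a directory"))
        if st.st_uid != required_uid:
            problems.append(
                (comp, f"owned by uid {st.st_uid}, expected {required_uid}"))
        if st.st_mode & 0o022:  # group-write or other-write bit set
            mode = stat.S_IMODE(st.st_mode)
            problems.append((comp, f"group/world writable (mode {mode:04o})"))
    return problems


# Constructed sample: the view from inside a container where the host's root
# is not mapped, so directories it owns show up as uid 65534 ("nobody").
SAMPLE = {
    "/": FakeStat(stat.S_IFDIR | 0o755, 65534),
    "/home": FakeStat(stat.S_IFDIR | 0o755, 65534),
    "/home/sftp": FakeStat(stat.S_IFDIR | 0o775, 0),
}

if __name__ == "__main__":
    for comp, reason in audit_chroot("/home/sftp", SAMPLE.__getitem__):
        print(f"{comp}: {reason}")
```

Run against a real system with `audit_chroot("/path/to/chroot")`, which uses `os.stat` on each component; run it in the same namespace as sshd so the uids match what sshd sees.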