[Bug 2048] Make chrooted sftp more user friendly using bind mount (solution suggested)

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Thu Aug 22 01:36:17 EST 2013


https://bugzilla.mindrot.org/show_bug.cgi?id=2048

bugmenot at mailinator.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |bugmenot at mailinator.com
             Status|RESOLVED                    |REOPENED
         Resolution|MOVED                       |---

--- Comment #2 from bugmenot at mailinator.com ---
Hi Damien, thanks for answer... It seems reasonable, but i'd like to
see at least some more generic way to get the job done. Eg. way to
specify some pre-login command:

Match group sftpusers

  PreLoginCommand sh -c 'mkdir /chroot/%u; mount -t bind %h /chroot/%u'

  ChrootDirectory /chroot/%u
  ForceCommand internal-sftp -d /%h



Well. i can do this using my pam module, however it's bit annoying to
build it, install and configure manually on multiple servers, when it
can be done simply by altering OpenSSH configuration (if openssh gets
patched a little).

And i can imagine that there's much more use for such feature... (like
mounting home directory for LDAP users, etc...). I personally like
OpenSSH because it is very versatile and i think this would make it
even more versatile.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.


More information about the openssh-bugs mailing list