ChrootDirectory security
LDB
thesource at ldb-jab.org
Sun Mar 29 10:20:06 EST 2009
Alexander Prinsier wrote:
> Hello,
>
> I've tried many places, finally ending up here to ask my question: why
> is it so vital that the directory used with the ChrootDirectory
> directive is root-owned?
>
> Like many people I'm trying to use this in a webhosting environment
> where several users get sftp-only access to some directory, usually
> something like /home/user/web/part-of-website.
>
> I can be sure that there are no setuid binaries in /home, so that rules
> out some possible vulnerabilities. Could anyone tell me what other
> problems a non-root-owned chroot directory could create?
>
> Thanks!
>
> (Please CC me).
>
> Alexander
I would say this pretty much answers your questions ...
http://unixwiz.net/techtips/chroot-practices.html
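
Added example (not part of the original thread and not OpenSSH's own code): sshd_config(5) requires that every component of the ChrootDirectory pathname be a root-owned directory that is not writable by any other user or group. The sketch below audits a path against that rule; the function names and the trusted_uid parameter are assumptions made for illustration, and the default target is the path from the question.

```python
import os
import stat
import sys


def check_component(path, trusted_uid=0):
    """Return the problems found for one path component (empty list = acceptable)."""
    st = os.stat(path)
    problems = []
    if not stat.S_ISDIR(st.st_mode):
        problems.append("not a directory")
    if st.st_uid != trusted_uid:
        problems.append(f"owned by uid {st.st_uid}, expected {trusted_uid}")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append(f"group/other writable (mode {stat.S_IMODE(st.st_mode):04o})")
    return problems


def path_components(path):
    """Yield '/', '/home', '/home/user', ... for an absolute path."""
    if not os.path.isabs(path):
        raise ValueError("ChrootDirectory must be an absolute path")
    current = "/"
    yield current
    for part in os.path.normpath(path).strip("/").split("/"):
        if part:
            current = os.path.join(current, part)
            yield current


def audit_chroot(path, trusted_uid=0):
    """Map each failing component to its problems; an empty dict means the path passes."""
    findings = {}
    for comp in path_components(path):
        try:
            problems = check_component(comp, trusted_uid)
        except OSError as exc:
            problems = [f"cannot stat: {exc.strerror}"]
        if problems:
            findings[comp] = problems
    return findings


if __name__ == "__main__":
    # Default target is the example path from the question above.
    target = sys.argv[1] if len(sys.argv) > 1 else "/home/user/web/part-of-website"
    result = audit_chroot(target)
    for comp, problems in result.items():
        print(f"{comp}: {'; '.join(problems)}")
    sys.exit(1 if result else 0)
```

A user-owned /home/user fails this audit, which is why sftp-only setups usually chroot to a root-owned parent and give the user a writable subdirectory inside it.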