LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 01-29-2015, 12:44 PM   #1
szejiekoh
LQ Newbie
 
Registered: Jun 2014
Posts: 28

Rep: Reputation: Disabled
why vsftp can do it, but openssh sftp cannot ? (chroot)


Dear all,

This is long story cut short, with vsftp, if i set this parameters in the vsftp.conf file below

Code:
local_enable=YES
chroot_local_users=YES
I am able to login to the ftp account, see and list my home/user directory, and if i do a cd / or cd .. , i will still be chroot to my /home/user directory.

without, the need to chmod or or chown anything to my /home/user directory

=============================================

With openSSH, internal_sftp, even though I have set the sshd_conf to

Code:
Match user alankoh
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
ChrootDirectory /home/%u
I will need to change owner my /home/user directory to have root becomes it owner.
============================================

Q1) why this difference ? How does vsftp chroot without changing the /home/user folder ownership ?

Q2) i realize that openssh ChrootDirectory parameter causes my default login directory to be set as that of the parameter.
(e.g. if i set to "/whatever/xyz", i will be brought to that /whatever/xyz everytime i login to the sftp instead of my /home/user folder.

Why ? I thought that ChrootDirectory is just a security measure to specify the directory to go to in case the user cd to root (e.g. cd /), else not, i should still go to my /home/user folder everytime i login to sftp.

Regards,
Noob
 
Old 02-13-2015, 12:28 PM   #2
eSelix
Senior Member
 
Registered: Oct 2009
Location: Wroclaw, Poland
Distribution: Arch, Kubuntu
Posts: 1,254

Rep: Reputation: 314Reputation: 314Reputation: 314Reputation: 314
A1) Allowing chrooted users to write files into their home directory is a security problem (user with that permission can get root privileges). Why it works in vsftpd I don't known, either you have very old version or you have set allow_writeable_chroot=YES option.

A2) It works by utilizing chroot command which replaces current filesystem root to another one (for ex. /abc/def). So programs and users see contents of "/abc/def" when listing "/" and cannot see anything above real "/abc/def".
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
SFTP logging for Chroot on CentOS 6.2 with openssh-5.3 not working (internal-sftp) RatherBFishin Linux - Server 1 08-30-2012 06:45 PM
[SOLVED] VSFTP and OpenSSH integration MarcusWebb1966 Gentoo 4 03-09-2011 10:12 AM
OpenSSH 4.7+ chroot-ed SFTP and CentOS 5.3 iSpaZZZ^ Linux - Software 2 06-04-2010 09:51 AM
openssh sftp johnh10000 Linux - Software 1 05-28-2010 03:13 PM
vsftp and sftp vonedaddy Linux - Software 29 12-26-2007 08:36 AM


All times are GMT -5. The time now is 02:44 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration