ctb123 06-20-2006 11:49 AM

chroot ssh/sftp on SuSE 9.2 Pro
I have inherited a server at work that is currently running SuSE 9.2 Professional and using sftp as the ftp protocol. Unfortunately it is not configured to chroot the users into their home directories. I have found several tutorials/detailed explanations on how to create one, but they all involve moving users into a special directory and a lot of what I would call drastic changes to the system. This is currently a production system and the more minimal the changes are the better. I have noticed that vsftpd supports the ability to chroot a user in their home dir. If I can redirect ssh to use it that would be great. When I try to start the program it gives me the error:

500 OOPS: vsftpd: not configured for standalone, must be started from inetd
Any help would be great.


MensaWater 06-20-2006 02:27 PM

ssh/sftpd and vsftpd are different things. You can use either but you can't have "ssh use vsftpd".

The message you're getting says that vsftpd is started from inetd (or maybe xinetd depending on your distro). This means that it only starts when an external connection is made to it as opposed to running all the time as a daemon. (Inetd/Xinetd is a daemon that looks for when to spawn things like vsftpd.) If your distro uses inetd then look at /etc/inetd.conf for configuration. If xinetd then look at the files in /etc/xinetd.d.

chroot'ing of any sort is designed to minimize the damage a connected user can do by only giving them access to a single directory. You can have chroot point to the existing directory for sftpd purposes, so you are misreading something if you think otherwise. Since chroot is designed to prevent user A from accessing anything other than user A's files, most tutorials assume you will have a chroot for user A, then a different one for user B and another for user C, etc... but it is not required. This is not a function of sftpd or vsftpd but rather an additional layer of security.
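
Added example (not part of the original thread or any poster's code): a small audit of a vsftpd.conf that reports whether vsftpd is set up for inetd/xinetd or standalone launch and which local users it would chroot. It assumes the error quoted above corresponds to `listen=NO`, and that absent boolean options default to NO; the sample config is constructed. It covers vsftpd (FTP) only, not sshd's sftp.

```python
# Constructed sample config, not taken from the thread.
SAMPLE_CONF = """\
# vsftpd.conf (sample)
listen=NO
local_enable=YES
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
"""

def parse_conf(text):
    """Read option=value lines; '#' starts a comment line."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts[key] = value
    return opts

def flag(opts, key):
    # Assumption: the boolean options used here default to NO when absent.
    return opts.get(key, "NO").upper() == "YES"

def audit(text):
    opts = parse_conf(text)
    # listen / listen_ipv6 = YES means vsftpd binds the port itself (standalone);
    # otherwise it expects inetd or xinetd to hand it an accepted connection.
    standalone = flag(opts, "listen") or flag(opts, "listen_ipv6")
    chroot_all = flag(opts, "chroot_local_user")
    use_list = flag(opts, "chroot_list_enable")
    # With chroot_local_user=YES the list file inverts meaning:
    # it names the users who are NOT chrooted.
    if chroot_all and use_list:
        chrooted = "all local users except those in the list file"
    elif chroot_all:
        chrooted = "all local users"
    elif use_list:
        chrooted = "only users in the list file"
    else:
        chrooted = "nobody"
    return {"launch": "standalone" if standalone else "inetd",
            "chrooted": chrooted}

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

The inverted meaning of the list file when `chroot_local_user=YES` is the setting most worth checking, since a stale list can silently exempt users from the jail.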

ctb123 06-21-2006 11:21 AM

How do I have chroot point to the user's existing directory for sftpd purposes?

unSpawn 06-27-2006 08:45 AM

Have a look here: ?

