Dear list,
I am using vsftpd on RHEL 4 update 6. All users are authenticated by LDAP. This server is an LDAP client. All users are virtual users and have the same uidNumber and gidNumber in LDAP. User entries are as follows:
dn: uid=cito,ou=People,dc=example,dc=com
uid: cito
cn: na
gn: cito
sn: na
title: blank
userPassword: changeme
mailForwardingAddress: cito@example.com
homeDirectory: /Maildir/cito
mail: cito@example.com
mailMessageStore: /Maildir/cito/Maildir/
accountStatus: active
loginShell: /sbin/nologin
uidNumber: 1000
gidNumber: 1000
mailQuota: 104857600S
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: organizationalPerson
objectClass: person
objectClass: extensibleobject
As the user's home directory is /Maildir/cito, when cito logs in to the vsftpd server, the 'cito' user lands directly in /Maildir/cito.
vsftpd has chroot options like "chroot_local_user=YES", so chrooting of vsftpd users is done easily. All the users' home directory permissions under /Maildir are as follows:
drwx------ vmail vmail cito
Here, vmail is the user who has the same uidNumber and gidNumber (1000) as the LDAP users. All the users' home directories have the same mode 700 and are owned by the vmail user.
Now, the new requirement is ssh. Users can use either ftp or ssh, but these two should point to the same location, here /Maildir/uid (for example /Maildir/cito).
As sshd is running, users can log in via ssh also, and they are logged into their home directory (for example /Maildir/cito). But the problem is chrooting.
Users should be restricted to their home directory only.
As the OS version is RHEL 4 update 6, it has openssh-server-3.8, and chroot is available from openssh-server-4.9. I have tried with openssh-server-4.9 to build a chroot environment, but so far without success. After doing some googling, I found that the user's home directory format should be as follows:
/path_to_chroot/./home_directory
Maybe, apart from this issue, I have missed some configuration in chrooting, but so far I have tried this only with a system user. I found that /etc/passwd is required in the chroot directory, and it must contain each chrooted user's entry. That means, although I have LDAP users, I have to create system users for this ssh, which I don't want.
Here, if I change the login shell in LDAP to /bin/bash, the user can log in without any issue. But the same chroot problem exists.
What can be the next course of action in this scenario?
Thanks in advance.
Regards
anindya bhattacharjee
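
Added example, not part of the original message: a shell check for the two things the post describes, the "/path_to_chroot/./home_directory" format and the passwd entry needed inside the chroot. The function names, status words and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Split "/path_to_chroot/./home_directory" at the first "/./".
# Sets CHROOT_ROOT (the chroot directory) and CHROOT_HOME (the home as
# seen from inside the chroot); returns 1 if there is no "/./" marker.
split_chroot_home() {
    case "$1" in
        */./*) ;;
        *) return 1 ;;
    esac
    CHROOT_ROOT=${1%%/./*}      # text before the first "/./"
    CHROOT_ROOT=${CHROOT_ROOT:-/}
    CHROOT_HOME=/${1#*/./}      # text after the first "/./"
}

# Check that user $1 with home string $2 has what the post lists:
# a chroot directory, etc/passwd inside it, and an entry for the user.
# Prints one status word: no-marker, no-root, no-passwd, no-entry,
# no-home or ok. Returns 0 only for ok.
check_chroot_user() {
    user=$1
    split_chroot_home "$2" || { echo no-marker; return 1; }
    [ -d "$CHROOT_ROOT" ] || { echo no-root; return 1; }
    passwd=$CHROOT_ROOT/etc/passwd
    [ -r "$passwd" ] || { echo no-passwd; return 1; }
    # Field 1 of passwd(5) is the login name.
    entry=$(awk -F: -v u="$user" '$1 == u { print $1; exit }' "$passwd")
    [ -n "$entry" ] || { echo no-entry; return 1; }
    [ -d "$CHROOT_ROOT$CHROOT_HOME" ] || { echo no-home; return 1; }
    echo ok
}

# Constructed sample: a throwaway chroot tree with one entry for "cito".
demo=$(mktemp -d)
mkdir -p "$demo/etc" "$demo/Maildir/cito"
echo 'cito:x:1000:1000::/Maildir/cito:/bin/bash' > "$demo/etc/passwd"
check_chroot_user cito "$demo/./Maildir/cito"
check_chroot_user other "$demo/./Maildir/cito" || true
check_chroot_user cito /Maildir/cito || true
rm -rf "$demo"
```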