chroot sftp - restrict home directory access
I have a working chrooted sftp setup using rssh. The users log into their accounts and they are kept within /home/chroot. The chroot is laid out like:
/home/chroot
/home/chroot/dev
/home/chroot/etc
/home/chroot/home
/home/chroot/home/user1
/home/chroot/home/user2
/home/chroot/lib
/home/chroot/usr

When user1 logs into their account they are able to move up the directory tree to /home/chroot/home and go into user2's home directory. How do I prevent this?

Thanks,
Zach
Hi Zach,
If they are able to traverse, doesn't it defeat the very purpose of having a chroot jail? The user should basically not see anything except his home directory and not be able to browse directories at all. I haven't done a chroot with sftp but I believe it's not allowed, as this link suggests: http://chrootssh.sourceforge.net/docs/chrootedsftp.html

There apparently seems to be a patch, however .. so you might want to search around on this page. Just in case you feel you don't want to apply this patch and still want to use FTP, I would suggest trying out Vsftpd. I can vouch that its chroot mechanism does work. In case you need help setting up Vsftpd lemme know..I'll pass on my exact config file so you can use it as a reference.

Remember that you will need to copy binaries and libraries used by Sftp into the jail as well to have it fully functional... Here's a link: http://www.netadmintools.com/art294.html

Cheers
Arvind

p.s.... Seriously though.. go for Vsftpd compiled with SSL if it's not too much to ask of your firewall. Your call :)
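An added example, not part of either post: a shell check that lists home directories under a shared chroot whose mode lets other accounts enter or list them, which is the situation described in the question. It assumes the /home/chroot/home layout from the question and that separation between users inside one shared jail rests on ordinary file permissions (each home owned by its user, mode 700); the function name audit_chroot_homes is hypothetical.

```shell
#!/bin/sh
# Added example: audit per-user home directories inside a shared chroot.
# Assumption: /home/chroot/home/<user> layout, as in the question.

# audit_chroot_homes DIR
#   DIR is the directory holding the per-user homes, e.g. /home/chroot/home.
#   Prints "<mode> <path>" for every home that grants group or other any
#   access. Returns 0 if all homes are private, 1 if any is exposed,
#   2 if DIR is not a directory.
audit_chroot_homes() {
    base=$1
    if [ ! -d "$base" ]; then
        echo "not a directory: $base" >&2
        return 2
    fi
    exposed=0
    for dir in "$base"/*/; do
        dir=${dir%/}
        # Skip an unmatched glob and symlinks; only real directories count.
        [ -d "$dir" ] || continue
        [ -L "$dir" ] && continue
        # First 10 characters of ls -ld are type + rwx bits, e.g. drwxr-xr-x.
        perms=$(ls -ld "$dir" | cut -c1-10)
        # Drop type and owner bits; what remains is group + other.
        rest=${perms#????}
        if [ "$rest" != "------" ]; then
            printf '%s %s\n' "$perms" "$dir"
            exposed=1
        fi
    done
    return "$exposed"
}

# Stand-alone use: sh audit.sh /home/chroot/home
if [ "$#" -gt 0 ]; then
    audit_chroot_homes "$1"
fi
```

Any directory it reports can be entered or listed by another jailed account; running `chmod 700` on that home, with the directory owned by its user, closes it.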