LinuxQuestions.org
Old 12-21-2006, 02:47 PM   #1
ctb123
LQ Newbie
 
Registered: Jun 2006
Posts: 4

Rep: Reputation: 0
chroot sftp - restrict home directory access


I have a working chrooted sftp setup using rssh. The users log into their accounts and they are kept within /home/chroot. The chroot is laid out like:
/home/chroot
/home/chroot/dev
/home/chroot/etc
/home/chroot/home
/home/chroot/home/user1
/home/chroot/home/user2
/home/chroot/lib
/home/chroot/usr

When user1 logs into their account they are able to move up the directory tree to /home/chroot/home and go into user2's home directory. How do I prevent this?

Thanks,
Zach
 
Old 12-22-2006, 09:15 AM   #2
live_dont_exist
Member
 
Registered: Aug 2004
Location: India
Distribution: Redhat 9.0,FC3,FC5,FC10
Posts: 257

Rep: Reputation: 30
Hi Zach,
If they are able to traverse, doesn't it defeat the very purpose of having a chroot jail? The user should basically not see anything except his home directory and not be able to browse directories at all.

I haven't done a chroot with sftp but I believe it's not allowed as this link suggests.
http://chrootssh.sourceforge.net/docs/chrootedsftp.html

There apparently seems to be a patch however .. so you might want to search around on this page.

Just in case you feel you don't want to apply this patch and still want to use FTP I would suggest trying out Vsftpd. I can vouch that its chroot mechanism does work. In case you need help setting Vsftpd lemme know..I'll pass on my exact config file so you can use it as a reference.

Remember that you will need to copy binaries and libraries used by Sftp into the jail as well to have it fully functional... Here's a link:

http://www.netadmintools.com/art294.html

Cheers
Arvind
p.s.... Seriously though.. go for Vsftpd compiled with SSL if it's not too much to ask of your firewall. Your call

Last edited by live_dont_exist; 12-22-2006 at 09:18 AM.
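
An added example, not from either post: ordinary file permissions still apply to a jailed account, so one way to keep user1 out of user2's home is owner-only modes on each home directory. The sketch below audits and tightens them; it assumes each home is already owned by its user and that the path passed in is the thread's /home/chroot/home (the function names are hypothetical).

```shell
#!/bin/sh
# Added example (not from the thread). BASE is the directory that holds the
# jailed users' homes; the thread's layout would make it /home/chroot/home.

# Print the group+other permission bits of a path, e.g. "r-xr-x" or "------".
go_bits() {
    ls -ld "$1" | cut -c5-10
}

# audit_homes BASE
# List every home under BASE that grants any group/other bit, i.e. one that
# another jailed account could enter or list.
audit_homes() {
    for d in "$1"/*/; do
        p=${d%/}
        [ -d "$p" ] || continue      # empty BASE: the glob did not match
        [ -L "$p" ] && continue      # do not follow symlinks
        [ "$(go_bits "$p")" = "------" ] || printf '%s\n' "$p"
    done
}

# lock_homes BASE
# Owner-only homes (700). BASE itself gets 711: each user can still traverse
# to their own home but cannot list the sibling directory names.
lock_homes() {
    for d in "$1"/*/; do
        p=${d%/}
        [ -d "$p" ] && [ ! -L "$p" ] && chmod 700 "$p"
    done
    chmod 711 "$1"
}

# Report-only when run as: sh audit.sh /home/chroot/home
if [ "$#" -eq 1 ]; then
    audit_homes "$1"
fi
```

Run the audit first and review its output before calling lock_homes, since 700 also cuts off any group-based sharing that was intentional.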
 
  

