LinuxQuestions.org
Old 10-11-2006, 02:19 PM   #1
mattdyke
LQ Newbie
 
Registered: Sep 2006
Distribution: Slackware 10.2, Slackware 11, Slackware 12.2, Slamd64 12.2, Slackware 13
Posts: 19

Rep: Reputation: 0
RSSH with SFTP or some other alternative


In the last few days I have been trying to configure a jail environment for users that are to connect via SFTP. The problem that I am running into is that I cannot contain these users just to their home directories.

They seem to be able to browse right out of them and into the base directory for my jail. Is there a way so that they do not have the ability to leave their home directories, and not be able to view library files or other items that can be contained in there except for the ones they add or are given permission to access?

If this functionality is not provided by Rssh could you please point me in the direction of either A) another program that can do this or B) a retail FTP over ssh product that can do the same thing.

Thanks for your time.
 
Old 10-11-2006, 05:36 PM   #2
stress_junkie
Senior Member
 
Registered: Dec 2005
Location: Massachusetts, USA
Distribution: Ubuntu 10.04 and CentOS 5.5
Posts: 3,873

Rep: Reputation: 335
If I understand what you want then you can set up the base directory of your jail the same way that I set up my /home directory.
Code:
/jail            root:users      710   (rwx--x---)
   |-/etc        root:users      710
   |-/lib        root:users      710
   |-/usr        root:users      710
   |-/user01     user01:user01   770
   |-/user02     user02:user02   770
   |-/user03     user03:user03   770
The idea is that on the /jail directory the 'others' permission setting is zero, the group permission setting is execute only, and the owner permission is read, write, and execute. Then the owner is root and the group is users.

In my example I have the same permissions and ownership on the jailed system directories. You may need to loosen that depending on how your applications work.

You can see that I have set the ownership of the users' home directories to the specific user as the owner and as the group. That is because I create a group for each new user. It comes in very handy when setting file permissions.

In your case you may have to have the directories owned by the root user and the ftp group. Or you may have to have the /jail directory owned by root:users but have 711 permissions. Hopefully you get the idea and you can play with it a bit.

Last edited by stress_junkie; 10-11-2006 at 05:43 PM.
 
1 members found this post helpful.
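
An added example, not part of stress_junkie's post: a shell function that checks a jail tree's mode bits against the layout described above. It assumes GNU `stat`, takes the system directory names `etc`, `lib` and `usr` from the listing, treats every other subdirectory as a user home, and does not check ownership; `audit_jail`, `report` and `SYSTEM_DIRS` are names made up for this example.

```shell
#!/bin/sh
# Added example: check a jail tree's mode bits against the layout in the post.
# Assumes GNU stat (Linux). Ownership is not checked here.
# Usage: audit_jail /jail
SYSTEM_DIRS="etc lib usr"   # system directory names taken from the listing

# Print one finding and remember that the audit failed.
report() { echo "$1 $2: $3"; found=1; }

# audit_jail JAILDIR: returns 0 if every directory matches the scheme, else 1.
audit_jail() {
    jail=${1%/}; found=0
    for dir in "$jail" "$jail"/*/; do
        dir=${dir%/}
        # Skip unmatched globs and symlinks (stat would report the link itself).
        [ -d "$dir" ] && [ ! -L "$dir" ] || continue
        mode=$(stat -c %a "$dir")            # e.g. 710, or 2770 with setgid
        group=$(( ($mode / 10) % 10 ))
        other=$(( $mode % 10 ))
        case " $SYSTEM_DIRS " in
            *" ${dir##*/} "*) kind=system ;;
            *) kind=home ;;
        esac
        [ "$dir" = "$jail" ] && kind=system
        if [ "$kind" = system ]; then
            # Jail base and system dirs: execute-only lets users traverse the
            # directory, while a read bit would let them list its contents.
            [ $(( $group & 4 )) -eq 0 ] || report "$mode" "$dir" "group can list"
            [ $(( $other & 4 )) -eq 0 ] || report "$mode" "$dir" "others can list"
            [ $(( ($group | $other) & 2 )) -eq 0 ] ||
                report "$mode" "$dir" "group or others can write"
        else
            # User homes: the 'others' digit must be zero (770 in the post).
            [ "$other" -eq 0 ] || report "$mode" "$dir" "home open to others"
        fi
    done
    return "$found"
}
```

Both 710 and the 711 alternative mentioned in the post pass the base-directory check, since neither grants the read bit to group or others.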
Old 10-12-2006, 09:13 AM   #3
mattdyke
LQ Newbie
 
Registered: Sep 2006
Distribution: Slackware 10.2, Slackware 11, Slackware 12.2, Slamd64 12.2, Slackware 13
Posts: 19

Original Poster
Rep: Reputation: 0
Thanks, it worked!
I just can't figure out why I didn't think of that; I guess it was too much time working on the harder problems.
 
Old 10-12-2006, 01:21 PM   #4
stress_junkie
Senior Member
 
Registered: Dec 2005
Location: Massachusetts, USA
Distribution: Ubuntu 10.04 and CentOS 5.5
Posts: 3,873

Rep: Reputation: 335
I am gratified citizen.

IMO all user home directories should be set up like this.
 
1 members found this post helpful.
  

