LinuxQuestions.org
Old 08-19-2009, 12:42 PM   #1
lensem
sftp chroot - Red Hat 5.3


I am running Red Hat 5.3 and had a request to set up a user for sftp, and I want to lock the login id to the home directory, just as I am doing for normal ftp using vsftpd...

I added the line: ftpleaps /home/ftpleaps
to the /etc/security/chroot.conf file.
Added the line:
session required pam_chroot.so debug
to the /etc/pam.d/sshd file.

And created the user, ftpleaps that will be using sftp...

Using this ID I can sftp into the server just fine, but I am still able to change to different directories, I'm not locked into just the home directory...

Any ideas as to what I may be missing ??
 
Old 08-19-2009, 02:58 PM   #2
MensaWater
Coincidentally I've been working on the same thing. (chroot sftp).

I'd tried Jailkit which looked promising but it is only really documented for Debian so I had issues.

Now I'm on my way to doing rssh instead.
Reading the 4 articles in this series will likely get you going though I haven't finished my own implementation yet so won't guarantee it.
At least it ought to save you some time on research though.
http://www.cyberciti.biz/tips/rhel-c...ssh-shell.html

By the way, apparently there is a newer openssh in the world that will have built-in sftp restriction capability. Also supposedly that newer version is in the 5.4 beta. I haven't explored that yet but if you wanted to you could probably download the new stuff and compile it yourself. I chose not to do it because I'd prefer to keep things as close to RHEL standard as possible.
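
In OpenSSH versions that support it, the built-in restriction mentioned in the reply above is set in sshd_config with `ChrootDirectory` and `ForceCommand internal-sftp`. The script below is an added example, not part of either post: it checks whether a config file confines a given user that way. The sample config and the `backup` user are constructed, and only exact names on `Match User` lines are handled (no wildcards, negation or global settings).

```shell
#!/bin/sh
# Added example: report whether an sshd_config confines a user to a
# chrooted, SFTP-only session. It parses the file only; it does not run sshd.

sftp_confinement() {
    # $1 = login name, $2 = path to an sshd_config file
    awk -v user="$1" '
        { sub(/#.*/, "") }                  # drop comments
        NF == 0 { next }                    # skip blank lines
        tolower($1) == "match" {
            inblock = 0                     # a new Match line ends the previous block
            if (tolower($2) == "user") {
                n = split($3, names, ",")
                for (i = 1; i <= n; i++) if (names[i] == user) inblock = 1
            }
            next
        }
        # Keep the first value seen in a matching block.
        inblock && tolower($1) == "chrootdirectory" && chroot == "" { chroot = $2 }
        inblock && tolower($1) == "forcecommand" && $2 == "internal-sftp" { forced = 1 }
        END {
            if (chroot != "" && forced) print "confined:" chroot
            else if (chroot != "")      print "chroot-without-forcecommand"
            else                        print "not-confined"
        }
    ' "$2"
}

write_sample_config() {
    # Constructed sample. Per sshd_config(5), every component of the
    # ChrootDirectory path must be root-owned and not group/world-writable.
    cat > "$1" <<'EOF'
Subsystem sftp internal-sftp
Match User ftpleaps
    ChrootDirectory /home/ftpleaps
    ForceCommand internal-sftp     # no shell, SFTP only
Match User backup
    ChrootDirectory /srv/backup
EOF
}

cfg=$(mktemp)
write_sample_config "$cfg"
for u in ftpleaps backup lensem; do
    printf '%s: %s\n' "$u" "$(sftp_confinement "$u" "$cfg")"
done
rm -f "$cfg"
```

A user reported as `chroot-without-forcecommand` can still request a shell inside the chroot, so both directives are needed for an SFTP-only account.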
 
  


All times are GMT -5.