Mailing List Archive: OpenSSH: Dev

chroot to dir per user?

Index | Next | Previous | View Threaded

karlis.repsons at gmail

Oct 22, 2009, 12:44 PM

Post #1 of 4 (878 views)
Permalink

chroot to dir per user?

Hi there,

let me just ask if you know some good way to set up user chrooting in such a
way, that each sftp user has its chroot directory entry somewhere (whatever
path) and gets chrooted there upon its login? Maybe such feature is planned?
Thanks...

K.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev [at] mindrot
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

djm at mindrot

Oct 22, 2009, 1:39 PM

Post #2 of 4 (847 views)
Permalink

Re: chroot to dir per user? [In reply to]

On Thu, 22 Oct 2009, K?rlis Repsons wrote:

> Hi there,
>
> let me just ask if you know some good way to set up user chrooting in such a
> way, that each sftp user has its chroot directory entry somewhere (whatever
> path) and gets chrooted there upon its login? Maybe such feature is planned?
> Thanks...

Yes, read the sshd_config(5) manpage and search for ChrootDirectory.

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev [at] mindrot
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

karlis.repsons at gmail

Oct 22, 2009, 2:01 PM

Post #3 of 4 (840 views)
Permalink

Re: chroot to dir per user? [In reply to]

On Thursday 22 October 2009 20:39:56 Damien Miller wrote:
> On Thu, 22 Oct 2009, K?rlis Repsons wrote:
> > Hi there,
> >
> > let me just ask if you know some good way to set up user chrooting in
> > such a way, that each sftp user has its chroot directory entry somewhere
> > (whatever path) and gets chrooted there upon its login? Maybe such
> > feature is planned? Thanks...
>
> Yes, read the sshd_config(5) manpage and search for ChrootDirectory.

ChrootDirectory together with Match, right? Perhaps awfully wrong for some
reason, but what would happen, if chroot target directory/its contents
wouldn't be root owned? For allowing some users/groups sftp access only to
their content it seems logical and usable, that they own those directories...
Is it then a dead end?
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev [at] mindrot
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

djm at mindrot

Oct 22, 2009, 2:32 PM

Post #4 of 4 (845 views)
Permalink

Re: chroot to dir per user? [In reply to]

On Thu, 22 Oct 2009, K?rlis Repsons wrote:

> On Thursday 22 October 2009 20:39:56 Damien Miller wrote:
> > On Thu, 22 Oct 2009, K?rlis Repsons wrote:
> > > Hi there,
> > >
> > > let me just ask if you know some good way to set up user chrooting in
> > > such a way, that each sftp user has its chroot directory entry somewhere
> > > (whatever path) and gets chrooted there upon its login? Maybe such
> > > feature is planned? Thanks...
> >
> > Yes, read the sshd_config(5) manpage and search for ChrootDirectory.
>
> ChrootDirectory together with Match, right? Perhaps awfully wrong for some
> reason, but what would happen, if chroot target directory/its contents
> wouldn't be root owned? For allowing some users/groups sftp access only to
> their content it seems logical and usable, that they own those directories...
> Is it then a dead end?

https://bugzilla.redhat.com/show_bug.cgi?id=522141 is what happens when this
restriction is relaxed.

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev [at] mindrot
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads