Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: OpenSSH: Users

Protecting a file in internal-sftp jail (chroot)

  

 
OpenSSH users RSS feed   Index | Next | Previous | View Threaded


eriberto at eriberto

Sep 25, 2009, 4:49 AM

Post #1 of 3 (1400 views)
Permalink
Protecting a file in internal-sftp jail (chroot)
Hi all,

I made a jail using sftp-internal (Debian Lenny 5.0.3 / OpenSSH
5.1p1). I followed the steps found at
http://www.debian-administration.org/articles/590 and it is working
fine. But I have a little problem. I am using this process to give
access to users put files in directories into /var/www (Apache) and
each directory has a .htaccess to force a password to access from a
browser.

My problem is: the jail user can delete the .htaccess file and I need
to prevent it. But, in jail, the user has root power.

Final question: how to make to protect a file in a jail made using
internal-sftp?

Thanks a lot in advanced.

Regards,

Eriberto - Brazil


racke at linuxia

Sep 25, 2009, 6:16 AM

Post #2 of 3 (1271 views)
Permalink
Re: Protecting a file in internal-sftp jail (chroot) [In reply to]
Eriberto wrote:
> Hi all,
>
> I made a jail using sftp-internal (Debian Lenny 5.0.3 / OpenSSH
> 5.1p1). I followed the steps found at
> http://www.debian-administration.org/articles/590 and it is working
> fine. But I have a little problem. I am using this process to give
> access to users put files in directories into /var/www (Apache) and
> each directory has a .htaccess to force a password to access from a
> browser.
>
> My problem is: the jail user can delete the .htaccess file and I need
> to prevent it. But, in jail, the user has root power.
>
> Final question: how to make to protect a file in a jail made using
> internal-sftp?
>
> Thanks a lot in advanced.

What about moving the directives in .htaccess into Apache configuration
file(s)?

That is faster anyway.

Regards
Racke


--
LinuXia Systems => http://www.linuxia.de/
Expert Interchange Consulting and System Administration
ICDEVGROUP => http://www.icdevgroup.org/
Interchange Development Team


docks at gmx

Sep 28, 2009, 11:35 PM

Post #3 of 3 (1262 views)
Permalink
Re: Protecting a file in internal-sftp jail (chroot) [In reply to]
Eriberto,

If your filesystem supports it you can use the extended attribute immutable:

chattr +i .htaccess

So nobody should be able to modify the file.

Seb

Eriberto wrote:
> Hi all,
>
> I made a jail using sftp-internal (Debian Lenny 5.0.3 / OpenSSH
> 5.1p1). I followed the steps found at
> http://www.debian-administration.org/articles/590 and it is working
> fine. But I have a little problem. I am using this process to give
> access to users put files in directories into /var/www (Apache) and
> each directory has a .htaccess to force a password to access from a
> browser.
>
> My problem is: the jail user can delete the .htaccess file and I need
> to prevent it. But, in jail, the user has root power.
>
> Final question: how to make to protect a file in a jail made using
> internal-sftp?
>
> Thanks a lot in advanced.
>
> Regards,
>
> Eriberto - Brazil
>

OpenSSH users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.