On Wed, 2012-02-08 at 14:15 +0000, Miroslav Grepl wrote:
> What OS?
>
> We have sftp+chroot+SELinux in Fedora16/17/RHEL6.2. You could chroot
> users in their home directories and then after sftp on a machine, a
> user will run in the "chroot_user_t" domain.
>
> This domain has these accesses by default
>
> userdom_read_user_home_content_files(chroot_user_t)
> userdom_read_inherited_user_home_content_files(chroot_user_t)
> userdom_read_user_home_content_symlinks(chroot_user_t)
> userdom_exec_user_home_content_files(chroot_user_t)
>
> and the "ssh_chroot_rw_homedirs" boolean.
>

You might want to write a blog about how this is supposed to work and
how chroot_user_t differs from sftpd_t.

> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux