Hello, Is there any security reason why the last component of a chroot path is required to be owned by root and not by the user that is chroot-ed into that path? I have tried to think of a reason, but cannot find any except for when several accounts are chrooted into the same directory. But if that is not the case, then, is there any security consideration? If not, then it seems to me that permitting the last component to be owned by the user that is chrooted into it (maybe by a configuration option) would be very comfortable. I am currently in the process of - graduately - changing a chrooted vsftpd environment into a chrooted sftp setup. For time being, both must run simultanious until every 'user' has been migrated. This is an operational environment, that is used for uploading teletekst data for the Dutch national broadcasting agency, so it must continue to function. The homedirectories into which vsftpd chroot the users are owned by the users. They write directly into their home directories. Changing that will break interfaces. So, if chroot-sftp would - optionally - allow the final component to be owned by the user that would work. I'm looking forward to hear about the rationale why all components should be owned by root, or if the last component indeed does not have to be. Kind regards, Stephan _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
