sftp chroot requirements

Hello,

Is there any security reason why the last component of a chroot path
is required to be owned by root and not by the user that is chroot-ed
into that path?

I have tried to think of a reason, but cannot find any except for when
several accounts are chrooted into the same directory. But if that is not
the case, then, is there any security consideration?

If not, then it seems to me that permitting the last component to be owned
by the user that is chrooted into it (maybe by a configuration option) would
be very comfortable.

I am currently in the process of - gradually - changing a chrooted vsftpd
environment into a chrooted sftp setup. For the time being, both must run
simultaneously until every 'user' has been migrated. This is an operational
environment, that is used for uploading teletekst data for the Dutch national
broadcasting agency, so it must continue to function.

The home directories into which vsftpd chroots the users are owned by the users.
They write directly into their home directories. Changing that will break
interfaces. So, if chroot-sftp would - optionally - allow the final component
to be owned by the user, that would work.

I'm looking forward to hearing about the rationale why all components should be
owned by root, or if the last component indeed does not have to be.

Kind regards,
Stephan
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
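
As an added example, not part of the original message and not OpenSSH code: a pre-flight check that an administrator could run over existing home directories before pointing the `ChrootDirectory` option at them. It applies the rule documented in sshd_config(5), that every component of the path must be a root-owned directory not writable by group or others; the function names, sample paths and uid 1001 are constructed for illustration, and following symlinks via `os.stat` is an assumption.

```python
import os
import stat
from collections import namedtuple

def chroot_path_problems(path, stat_fn=os.stat):
    """Return [(component, reason), ...] for every component of `path`
    that is not a root-owned directory or is group/other-writable."""
    problems = []
    current = "/"
    components = [current]
    for part in os.path.abspath(path).split("/"):
        if part:
            current = os.path.join(current, part)
            components.append(current)
    for comp in components:
        try:
            st = stat_fn(comp)
        except OSError as exc:
            problems.append((comp, "cannot stat: %s" % exc.strerror))
            break  # nothing below a missing component can be checked
        if not stat.S_ISDIR(st.st_mode):
            problems.append((comp, "not a directory"))
        if st.st_uid != 0:
            problems.append((comp, "owned by uid %d, not root" % st.st_uid))
        if st.st_mode & 0o022:
            problems.append((comp, "writable by group or others"))
    return problems

# Constructed sample layout (not real data): a vsftpd-style tree in which the
# home directory is owned by the user and its parent is group-writable.
FakeStat = namedtuple("FakeStat", "st_mode st_uid")
SAMPLE_TREE = {
    "/": FakeStat(stat.S_IFDIR | 0o755, 0),
    "/srv": FakeStat(stat.S_IFDIR | 0o755, 0),
    "/srv/ftp": FakeStat(stat.S_IFDIR | 0o775, 0),
    "/srv/ftp/user1": FakeStat(stat.S_IFDIR | 0o755, 1001),
}

def sample_stat(path):
    """Stand-in for os.stat that reads the constructed tree above."""
    try:
        return SAMPLE_TREE[path]
    except KeyError:
        raise FileNotFoundError(2, "No such file or directory", path)

if __name__ == "__main__":
    for comp, reason in chroot_path_problems("/srv/ftp/user1", sample_stat):
        print("%s: %s" % (comp, reason))
```

Called with the default `stat_fn`, the same function checks a real path on the host, for example each home directory listed for the accounts still to be migrated.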