Re: SFTP chroot: Writable root

On 05/01/18 02:44, Thomas Güttler wrote:
> I set up a chroot sftp server [...]
> Is there a way to get both?
>
>  - chroot
>  - writable root

The source code (sftpd.c) seems to require that the root directory be owned by root and not group or world writable, so I think, no, not unless you make local source changes.

I wonder why you need a writable root directory. The normal way of setting up chroot sftp is to put the user directory under the chroot, so, for example, /sftp is the chroot, and /sftp/user is the directory that user uses for sftp. You still need a home directory for that user, i.e. /home/user, to contain the .ssh directory and authorized_keys file; however, you set a ForcedCommand in /etc/ssh/sshd_config for that user, preventing the user from accessing any file outside of the chroot. I've set this up recently, and the only disappointment I have is that (without a custom patch) I can't force permissions on uploaded files.

This advice assumes you do not want to allow the user to run any desired command.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
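
The ownership rule discussed in the message above can be checked before pointing sshd at a directory. The following is an added example, not part of the original post and not OpenSSH code: it applies the rule documented in sshd_config(5), that every component of the chroot path must be a root-owned directory not writable by group or others. The function names, the `FakeStat` stand-in and uid 1001 are assumptions made for illustration.

```python
import os
import stat
from collections import namedtuple

# Constructed stand-in for os.stat_result so the example runs without root.
FakeStat = namedtuple("FakeStat", "st_mode st_uid")

def path_components(path):
    """Yield '/', '/sftp', '/sftp/user', ... for an absolute path."""
    path = os.path.normpath(path)
    if not path.startswith("/"):
        raise ValueError("chroot path must be absolute")
    current = "/"
    yield current
    for part in path.strip("/").split("/"):
        if part:
            current = os.path.join(current, part)
            yield current

def audit_chroot(path, stat_fn=os.stat):
    """Return a list of (component, problem) for a candidate chroot path."""
    problems = []
    for comp in path_components(path):
        st = stat_fn(comp)
        if not stat.S_ISDIR(st.st_mode):
            problems.append((comp, "not a directory"))
        if st.st_uid != 0:
            problems.append((comp, "not owned by root"))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append((comp, "group or world writable"))
    return problems

# Constructed layout matching the message: /sftp is the chroot, /sftp/user is
# the upload directory owned by the (hypothetical) uid 1001.
SAMPLE = {
    "/": FakeStat(stat.S_IFDIR | 0o755, 0),
    "/sftp": FakeStat(stat.S_IFDIR | 0o755, 0),
    "/sftp/user": FakeStat(stat.S_IFDIR | 0o750, 1001),
}

def sample_stat(p):
    return SAMPLE[p]

if __name__ == "__main__":
    for target in ("/sftp", "/sftp/user"):
        print(target, audit_chroot(target, sample_stat) or "ok as chroot")
```

Called with the default `stat_fn`, `audit_chroot` inspects the real filesystem; `/sftp` passes as a chroot while the user-owned `/sftp/user` does not, which is why the writable directory sits one level below the chroot.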



