On 05/01/18 02:44, Thomas Güttler wrote:
> I set up a chroot sftp server [...]
> Is there a way to get both?
> - chroot
> - writable root

The source code (sftpd.c) seems to require that the root directory be
owned by root and not group or world writable, so I think, no, not
unless you make local source changes.

I wonder why you need a writable root directory. The normal way of
setting up chroot sftp is to put the user directory under the chroot,
so, for example, /sftp is the chroot, and /sftp/user is the directory
that user uses for sftp. You still need a home directory for that user,
i.e. /home/user, to contain the .ssh directory and authorized_keys file;
however, you set a ForcedCommand in /etc/ssh/sshd_config for that user,
preventing the user from accessing any file outside of the chroot. I've
set this up recently, and the only disappointment I have is that
(without a custom patch) I can't force permissions on uploaded files.

This advice assumes you do not want to allow the user to run any desired
command.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
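
An added example, not part of the original message or of OpenSSH: a shell check for the ownership rule discussed above, applied to the chroot directory and every parent up to /, since sshd_config(5) requires all components of the ChrootDirectory path to be root-owned and not writable by group or others. The Match block in the comment, the function names and the script name are assumptions; /sftp and "user" are the reply's own example names.

```shell
#!/bin/sh
# Added example (not from the original message). Assumed sshd_config layout,
# using the reply's /sftp and "user" names:
#   Match User user
#       ChrootDirectory /sftp
#       ForceCommand internal-sftp
# Requires a stat that supports -L and -c (GNU coreutils or BusyBox).

# component_ok UID MODE: succeed only for root-owned, mode without g+w / o+w.
component_ok() {
    uid=$1 mode=$2
    [ "$uid" -eq 0 ] || return 1
    # Leading 0 makes the shell read the mode as octal; 022 = g+w | o+w.
    [ $(( 0$mode & 022 )) -eq 0 ]
}

# check_chroot_path DIR: test DIR and every parent up to /.
# Returns 0 if all pass, 1 if any component fails, 2 on a relative path.
check_chroot_path() {
    p=$1
    case $p in
        /*) ;;
        *) echo "not an absolute path: $p" >&2; return 2 ;;
    esac
    rc=0
    while :; do
        if [ ! -d "$p" ]; then
            echo "FAIL $p: not a directory"; rc=1
        else
            # -L follows symlinks, so the target directory is what gets checked.
            set -- $(stat -L -c '%u %a' "$p")
            component_ok "$1" "$2" || { echo "FAIL $p: uid=$1 mode=$2"; rc=1; }
        fi
        [ "$p" = / ] && break
        p=$(dirname "$p")
    done
    return $rc
}

# Usage: sh check_chroot.sh /sftp
[ $# -eq 0 ] || check_chroot_path "$1"
```

The user's own directory (/sftp/user in the reply's layout) is deliberately not checked here, because it sits below the chroot and is the one place that is meant to be writable by the user.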