Re: Feature request: allow chrooted directory writable by others

On 2019-07-15 at 12:24 +0200, Ramón García wrote:
> I am in trouble because sshd refuses to chroot to a directory that is
> writable by users other than the owner.
[...]
>                                              And when one has to work
> with a specified directory layout, required for compatibility with
> existing applications, it makes it very hard to implement a sftp file
> server.

Have you considered using a "bind mount", or "nullfs mount", depending
upon the OS you're using?

If you have one directory layout for compatibility with one application,
you don't need to use the same layout for another application: you can
construct "views" to present the layout needed.

So you'd make a "proper" root directory, with sensible permissions,
`/dev/` and `/etc/` already existing and protected, but then use a
remapping mount ("bind" on Linux, "nullfs" on FreeBSD, other names
elsewhere) to make the tree _also_ available here.  You don't need to
let one app dictate layout and permissions to every other app.

Regards,
-Phil
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
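
The layout suggested in the reply above, as an added example that is not part of the original message: a root-owned chroot with the writable tree bind-mounted beneath it, plus a check of the ownership rule sshd_config(5) documents for ChrootDirectory. The paths, the "files" mount point and the group name are hypothetical, and the mount step assumes Linux and root privileges.

```shell
#!/bin/sh
# Added example; CHROOT, LEGACY and the group name are hypothetical.
CHROOT=/srv/sftp-root       # clean root handed to sshd as ChrootDirectory
LEGACY=/data/app/exchange   # existing tree that other users may write to

# Return 0 only if every component from / down to $1 is a directory owned
# by uid 0 with no group/other write bit, the rule sshd_config(5) gives for
# ChrootDirectory. Uses the lstat view, so symlinked components are refused.
chroot_path_ok() {
    p=$1
    case $p in /*) ;; *) echo "not absolute: $p" >&2; return 1 ;; esac
    while :; do
        read -r mode links uid rest <<EOF
$(ls -ldn "$p" 2>/dev/null)
EOF
        [ -n "$uid" ] || { echo "cannot stat: $p" >&2; return 1; }
        case $mode in d*) ;; *) echo "not a directory: $p" >&2; return 1 ;; esac
        [ "$uid" = 0 ] || { echo "not root-owned: $p" >&2; return 1; }
        case $mode in   # 6th char = group write, 9th char = other write
            ?????w*|????????w*) echo "group/other writable: $p" >&2; return 1 ;;
        esac
        [ "$p" = / ] && return 0
        p=$(dirname "$p")
    done
}

# Run as root: create the clean root, then map the legacy tree into it.
# The writable directory ends up below the chroot, not as the chroot itself.
setup_view() {
    mkdir -p "$CHROOT/files" &&
    chown 0:0 "$CHROOT" && chmod 755 "$CHROOT" &&
    mount --bind "$LEGACY" "$CHROOT/files" &&  # FreeBSD: mount -t nullfs
    chroot_path_ok "$CHROOT"
}

# Matching sshd_config fragment:
#   Match Group sftponly
#       ChrootDirectory /srv/sftp-root
#       ForceCommand internal-sftp
```

Running chroot_path_ok against the chroot path before restarting sshd reports the first path component that would make sshd refuse the chroot.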



