Hi,

Thanks very much for all your replies.

I've managed to get it to work in the following way:

I copied the directories you create in your chroot jail (in my example the directories etc, lib, and usr in my chroot jail /home) to the individual ftp user's home folder:

# pwd
/home
# ls -l
total 24
drwxr-xr-x 2 root root 4096 Jun 15 10:41 etc
drwx------ 3 ftpuser ftpuser 4096 Jun 15 11:20 ftpuser
drwxr-xr-x 3 root root 4096 Jun 14 17:28 lib
drwxr-xr-x 6 root root 4096 Jun 14 17:26 usr
# cp -r etc ftpuser/
# cp -r lib ftpuser/
# cp -r usr ftpuser/

And then I modify /etc/rssh.conf and add an entry for that user:

user=ftpuser:011:00010:"/home/ftpuser" # sftp with chroot

And that works, it seems. :)

I'm writing up a complete guide here:

http://joedonner2001.wordpress.com/red-hat-el3/sftp-server-within-a-chroot-jail

but just note that it's not 100% accurate at the moment.

Johan

-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Karl Latiss
Sent: 16 June 2007 10:05
To: General Red Hat Linux discussion list
Subject: Re: Chrooted sftp on rhel3

On Fri, 2007-06-15 at 11:42 +0100, Johan Booysen wrote:
> Hi everyone,
>
> I'm doing some tests setting up an sftp server, with setting up a
> chroot jail for ftp users.
>
> Everything seems to be working fine, but "ftpuser" can cd to outside
> his home directory (ftpuser cannot access the user1 or user2
> directories, but can get to etc, lib, and user), which ideally I don't
> want. I've played around with setting different permissions, but only
> the permissions below seem to work.
>
> In /etc/rssh.conf, I've got the following to set the chroot path:
> chrootpath = /home
>
> # pwd
> /home
> # ls -l
> total 24
> drwxr-xr-x 2 root root 4096 Jun 15 10:41 etc
> drwx------ 3 ftpuser ftpuser 4096 Jun 15 11:20 ftpuser
> drwx------ 4 user1 user1 4096 May 25 15:27 gmi
> drwx------ 5 user2 user2 4096 Jun 14 16:54 jhb
> drwxr-xr-x 3 root root 4096 Jun 14 17:28 lib
> drwxr-xr-x 6 root root 4096 Jun 14 17:26 usr
>
> I've then also removed all entries from the copy of the passwd file in
> /home/etc/passwd, so that only the ftp users' accounts appear in it.
>
> Any ideas on how to restrict access so ftp users are locked into their
> own home directories - if that is even possible? It doesn't seem like
> much of an issue to me, but I'd appreciate your thoughts.
>

What is ftpuser's shell and home directory? Also have you set allowsftp in /etc/rssh.conf ?

There also may be some clues in /var/log/messages depending on what you have set logfacility to.

--
Karl Latiss <karl.latiss@xxxxxxxxxxxxx>
Atvert Systems

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
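
Added example (not part of the original messages and not rssh's own code): a small audit that reads rssh.conf-style text and reports whether each user entry ends up in a jail of its own or falls back to the shared global chrootpath, which is the difference between the setup in the question and the one in the reply. It assumes the user entry layout name:umask:access bits:path, the access-bit order rsync, rdist, cvs, sftp, scp from the rssh.conf man page, and that a per-user path overrides chrootpath; the sample config and the ftpuser2 account are constructed.

```python
# Added example: audit rssh.conf-style text for shared vs. per-user chroot jails.
ACCESS_NAMES = ("rsync", "rdist", "cvs", "sftp", "scp")  # assumed access-bit order

# Constructed sample: global jail as in the original question, the per-user
# entry from the reply, and a hypothetical second account (ftpuser2).
SAMPLE_CONF = """\
allowsftp
chrootpath = /home
user=ftpuser:011:00010:"/home/ftpuser"  # sftp with chroot
user=ftpuser2:011:00010:
"""


def parse_rssh_conf(text):
    """Return (global_chroot, {user: {"umask", "allowed", "chroot"}})."""
    global_chroot, users = None, {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # simplification: '#' always starts a comment
        if "=" not in line:
            continue  # bare keywords such as allowsftp, or blank lines
        key, value = (part.strip() for part in line.split("=", 1))
        value = value.replace('"', "").replace("'", "")
        if key == "chrootpath":
            global_chroot = value or None
        elif key == "user":
            name, umask, bits, path = (value.split(":", 3) + [""] * 3)[:4]
            allowed = [n for n, bit in zip(ACCESS_NAMES, bits) if bit == "1"]
            users[name] = {"umask": umask, "allowed": allowed, "chroot": path.strip()}
    return global_chroot, users


def audit_jails(text):
    """Map each user to (effective_jail, status)."""
    global_chroot, users = parse_rssh_conf(text)
    jails = {name: u["chroot"] or global_chroot for name, u in users.items()}
    report = {}
    for name, jail in jails.items():
        if jail is None:
            status = "no chroot"
        elif not users[name]["chroot"] or list(jails.values()).count(jail) > 1:
            status = "shared jail"  # global default, or same path as another user
        else:
            status = "private jail"
        report[name] = (jail, status)
    return report


if __name__ == "__main__":
    for user, (jail, status) in audit_jails(SAMPLE_CONF).items():
        print(f"{user}: {jail} ({status})")
```

A user reported with a private jail still needs the etc, lib and usr copies inside that directory, as described in the reply above.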