RE: Chrooted sftp on rhel3

The steps for setting up chrooted sftp on RHEL4 seem about 99.9% the
same as on RHEL3.

The only slight difference is that when you run the ldd command to copy
dependencies into your chroot jail, then those dependencies need a
couple of additional folders to be created in the jail, e.g.

# ldd /usr/bin/rssh
        libc.so.6 => /lib/tls/libc.so.6 (0x00988000)

And therefore you need to create the tls/ folder inside lib/ in the
chroot jail.

Otherwise the behaviour seems to be exactly the same.

Johan
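
The ldd step described in the message above, as an added example that is not part of the original thread: it derives the directories a jail needs (including lib/tls/) from ldd output and copies the files across. The function names are hypothetical, /home/ftpuser is the jail path used later in the thread, and the sample ldd lines other than the libc one quoted above are constructed.

```shell
#!/bin/sh
# Added example: mirror a binary's shared-library dependencies into a chroot
# jail, keeping sub-directories such as lib/tls/ that ldd reports.

# Print the absolute library paths found in ldd output read from stdin.
# Handles "name => /path (0xADDR)" and "/path (0xADDR)" lines, and skips
# entries that have no file on disk (e.g. "linux-gate.so.1 =>  (0xADDR)").
ldd_paths() {
    awk '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /^\//) { print $i; break }
    }' | LC_ALL=C sort -u
}

# Print the directories that must exist inside jail $1 for those libraries.
jail_dirs() {
    jail=$1
    ldd_paths | while read -r lib; do
        printf '%s%s\n' "$jail" "$(dirname "$lib")"
    done | LC_ALL=C sort -u
}

# Copy binary $1 and its dependencies into jail $2 (run as root so the
# copies stay root-owned). cp -L follows symlinks, so the jail receives the
# real library files rather than dangling links.
copy_into_jail() {
    bin=$1 jail=$2
    { echo "$bin"; ldd "$bin" | ldd_paths; } | while read -r f; do
        mkdir -p "$jail$(dirname "$f")" && cp -L "$f" "$jail$f"
    done
}

# Constructed sample input: the libc line is the one quoted in the message;
# the other two lines and their addresses are made up for illustration.
SAMPLE_LDD='        libc.so.6 => /lib/tls/libc.so.6 (0x00988000)
        /lib/ld-linux.so.2 (0x0096e000)
        linux-gate.so.1 =>  (0xffffe000)'

# Example use on a real system (not run here):
#   copy_into_jail /usr/bin/rssh /home/ftpuser
```

Piping the sample through `jail_dirs /home/ftpuser` lists both /home/ftpuser/lib and /home/ftpuser/lib/tls, which is the extra folder the RHEL4 setup needs.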
 

-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx
[mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Johan Booysen
Sent: 19 June 2007 22:15
To: General Red Hat Linux discussion list
Subject: RE: Chrooted sftp on rhel3

I have no idea at the moment.

I tested what I did on RHEL3, but now it seems that I'm going to have to
use RHEL4 for the real thing.

I don't suppose it will differ much, and once I've done the same on
RHEL4 I'll let you know.

Johan 

-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx
[mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of John J. Culkin
Sent: 19 June 2007 21:06
To: General Red Hat Linux discussion list
Subject: Re: Chrooted sftp on rhel3

How would I go about creating a chrooted SFTP on RHEL 4 or 5?

Is the process much different?

Johan Booysen wrote:
> Hi,
>
> Thanks very much for all your replies.
>
> I've managed to get it to work in the following way:
>
> I copied the directories you create in your chroot jail (in my example
> the directories etc, lib, and usr in my chroot jail /home) to the
> individual ftp user's home folder:
>
> # pwd
> /home
> # ls -l
> total 24
> drwxr-xr-x    2 root     root         4096 Jun 15 10:41 etc
> drwx------    3 ftpuser  ftpuser      4096 Jun 15 11:20 ftpuser
> drwxr-xr-x    3 root     root         4096 Jun 14 17:28 lib
> drwxr-xr-x    6 root     root         4096 Jun 14 17:26 usr
>
> # cp -r etc ftpuser/
> # cp -r lib ftpuser/
> # cp -r usr ftpuser/
>
> And then I modify /etc/rssh.conf and add an entry for that user:
>
> user=ftpuser:011:00010:"/home/ftpuser"  # sftp with chroot
>
> And that works, it seems.
>
> :)
>
> I'm writing up a complete guide here:
>
> http://joedonner2001.wordpress.com/red-hat-el3/sftp-server-within-a-chroot-jail
>
> but just note that it's not 100% accurate at the moment.
>
> Johan
>
> -----Original Message-----
> From: redhat-list-bounces@xxxxxxxxxx
> [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Karl Latiss
> Sent: 16 June 2007 10:05
> To: General Red Hat Linux discussion list
> Subject: Re: Chrooted sftp on rhel3
>
> On Fri, 2007-06-15 at 11:42 +0100, Johan Booysen wrote:
>   
>> Hi everyone,
>>
>> I'm doing some tests setting up an sftp server, with setting up a 
>> chroot jail for ftp users.
>>
>> Everything seems to be working fine, but "ftpuser" can cd to outside
>> his home directory (ftpuser cannot access the user1 or user2
>> directories, but can get to etc, lib, and user), which ideally I
>> don't want.  I've played around with setting different permissions,
>> but only the permissions below seem to work.
>>
>> In /etc/rssh.conf, I've got the following to set the chroot path:
>> chrootpath = /home
>>
>> # pwd
>> /home
>> # ls -l
>> total 24
>> drwxr-xr-x    2 root     root         4096 Jun 15 10:41 etc
>> drwx------    3 ftpuser  ftpuser      4096 Jun 15 11:20 ftpuser
>> drwx------    4 user1    user1        4096 May 25 15:27 gmi
>> drwx------    5 user2    user2        4096 Jun 14 16:54 jhb
>> drwxr-xr-x    3 root     root         4096 Jun 14 17:28 lib
>> drwxr-xr-x    6 root     root         4096 Jun 14 17:26 usr
>>
>> I've then also removed all entries from the copy of the passwd file
>> in /home/etc/passwd, so that only the ftp users' accounts appear in it.
>>
>> Any ideas on how to restrict access so ftp users are locked into
>> their own home directories - if that is even possible?  It doesn't
>> seem like much of an issue to me, but I'd appreciate your thoughts.
>
> What is ftpuser's shell and home directory? Also have you set 
> allowsftp in /etc/rssh.conf ?
>
> There also may be some clues in /var/log/messages depending on what 
> you have set logfacility to.
>
>   

-- 

John J. Culkin			Systems Administrator
John.Culkin@xxxxxxxxxxxx	The University of Scranton
Phone: (570) 941-7665

-- 

redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
