
RE: sftp question



only root can run chroot.

if inetd is trying to run chroot with less privs there might be a
problem. also keep in mind that chroot will chroot the whole
application. if the app is not statically compiled you may find a problem if
it references any lib not contained within the chroot.



cheers,
.truman.boyes.
---------------------------------------------
 "There is no reason anyone would want a computer in their home,"
  -- Ken Olson, pres., and founder of Digital Equipment Corp., 1971


On Mon, 11 Dec 2000, Marco Brigham wrote:

> OK, I get it. The first option is to add sftp-server to /etc/shells, and the
> second is to directly edit the user's shell path. Thanks :) I was confused
> indeed...
> 
> Now that I have it working, it would be nice to have the user only see its
> own home folder. After looking at 'man chroot' I gave it a try by changing
> the line (in /etc/sshd_config):
> 	Subsystem       sftp    /usr/libexec/sftp-server
> to
> 	Subsystem       sftp    /usr/sbin/chroot $HOME /usr/libexec/sftp-server
> 
> Which didn't work...
> 
> Was this a stupid idea?
> 
> -----Original Message-----
> From: owner-misc@openbsd.org [mailto:owner-misc@openbsd.org]On Behalf Of
> Morten Liebach
> Sent: Sunday, December 10, 2000 11:53 PM
> To: misc@openbsd.org
> Subject: Re: sftp question
> 
> 
> On 10, Dec, 2000 at 11:22:17PM +0100, Marco Brigham wrote:
> > Hi Jason,
> >
> > Thanks for your reply.
> >
> > Actually I did search the archives, and found the "...create a shell that
> > only runs the sftp-server" solution. Only I don't have a clue on what that
> > means...is it in the archives too? :)
> 
> Sounds like you're confused.
> 
> Make the user's shell be /usr/libexec/sftp-server, make the change with
> 'vipw', change the last field to /usr/libexec/sftp-server.
> 
> Read man 5 passwd for more on the format of the passwd file.
> 
> This is not something I have tried myself, but it was what I got out of
> the thread mentioned above.
> 
> HTH, HAND, nighty night
> 
>                              Morten
> 
> --
> UNIX, reach out and grep someone!
> 
> 
>
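Truman's point about dynamically linked binaries failing inside a chroot is easy to check before deploying. The script below is an added example, not from the thread: it pulls the absolute paths of shared objects out of ldd output (both the Linux "lib => /path" style and OpenBSD's table style) and reports which of them do not exist under the chroot directory. The chroot path and binary name are placeholders to be supplied by the reader.

```sh
#!/bin/sh
# Added example (not from the thread): find shared objects a binary needs
# that are absent from a chroot directory, so sftp-server does not fail
# with a missing-library error once it is chrooted.
# Usage: chroot_missing_libs /path/to/chroot /usr/libexec/sftp-server

# Extract absolute paths of shared objects from ldd-style output on stdin.
# Matches "libc.so.6 => /lib/libc.so.6 (0x...)" as well as OpenBSD's
# "Start End Type Ref Name" table, where Name is an absolute path.
ldd_paths() {
    grep -o '/[^[:space:]]*\.so[^[:space:]]*' | sort -u
}

# Read absolute library paths on stdin; print those missing under $1.
# Exit status is 0 when every library is present, 1 otherwise.
missing_under_chroot() {
    jail=$1
    rc=0
    while IFS= read -r lib; do
        [ -n "$lib" ] || continue
        if [ ! -e "$jail$lib" ]; then
            printf '%s\n' "$lib"
            rc=1
        fi
    done
    return $rc
}

# Run ldd on the binary ($2) and compare its libraries against the chroot ($1).
# The dynamic linker itself (ld.so) is reported too, since it must also be
# copied into the chroot for a dynamically linked program to start.
chroot_missing_libs() {
    ldd "$2" 2>/dev/null | ldd_paths | missing_under_chroot "$1"
}
```

Run it against the intended chroot before changing the Subsystem line; an empty result and a zero exit status mean the chroot has every object the binary references.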