Chrooted sftp on rhel3

Johan Booysen johan at matrix-data.co.uk
Fri Jun 15 10:42:25 UTC 2007


Hi everyone,

I'm doing some tests setting up an sftp server, with a chroot
jail for ftp users.

Everything seems to be working fine, but "ftpuser" can cd to outside his
home directory (ftpuser cannot access the user1 or user2 directories,
but can get to etc, lib, and user), which ideally I don't want.  I've
played around with setting different permissions, but only the
permissions below seem to work.

In /etc/rssh.conf, I've got the following to set the chroot path:
chrootpath = /home

# pwd
/home
# ls -l
total 24
drwxr-xr-x    2 root     root         4096 Jun 15 10:41 etc
drwx------    3 ftpuser  ftpuser      4096 Jun 15 11:20 ftpuser
drwx------    4 user1    user1        4096 May 25 15:27 gmi
drwx------    5 user2    user2        4096 Jun 14 16:54 jhb
drwxr-xr-x    3 root     root         4096 Jun 14 17:28 lib
drwxr-xr-x    6 root     root         4096 Jun 14 17:26 usr

I've then also removed all entries from the copy of the passwd file in
/home/etc/passwd, so that only the ftp users' accounts appear in it.

Any ideas on how to restrict access so ftp users are locked into their
own home directories - if that is even possible?  It doesn't seem like
much of an issue to me, but I'd appreciate your thoughts.

Thanks very much.

Johan
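
Added example (not part of the original post): a small Python model of the Unix directory search-permission check, run over the ls -l listing quoted above, showing why an account jailed at chrootpath = /home can still cd into the root-owned 755 directories etc, lib and usr. The function names are hypothetical, and it assumes ftpuser is a non-root account whose only group is ftpuser and that no ACLs are in play.

```python
# Added example: which entries of the chroot (/home) can a jailed account cd into?
# LISTING is the `ls -l` output quoted in the post above.
LISTING = """\
drwxr-xr-x    2 root     root         4096 Jun 15 10:41 etc
drwx------    3 ftpuser  ftpuser      4096 Jun 15 11:20 ftpuser
drwx------    4 user1    user1        4096 May 25 15:27 gmi
drwx------    5 user2    user2        4096 Jun 14 16:54 jhb
drwxr-xr-x    3 root     root         4096 Jun 14 17:28 lib
drwxr-xr-x    6 root     root         4096 Jun 14 17:26 usr
"""


def parse_ls_line(line):
    """Split one `ls -l` line into (mode, owner, group, name)."""
    f = line.split(None, 8)
    return f[0], f[2], f[3], f[8]


def can_enter(mode, owner, group, user, user_groups):
    """Apply the Unix rule for cd: only the first matching class
    (owner, then group, then other) is consulted, and it needs search (x)."""
    if not mode.startswith("d"):
        return False
    if user == owner:
        bit = mode[3]
    elif group in user_groups:
        bit = mode[6]
    else:
        bit = mode[9]
    return bit in ("x", "s", "t")  # lowercase s/t imply x; S/T do not


def reachable(listing, user, user_groups):
    """Names in the listing that `user` can cd into (non-root user assumed)."""
    rows = [parse_ls_line(l) for l in listing.splitlines() if l.strip()]
    return sorted(n for m, o, g, n in rows if can_enter(m, o, g, user, user_groups))


def exposed(listing, user, user_groups):
    """Reachable directories that are not owned by `user`."""
    owners = {parse_ls_line(l)[3]: parse_ls_line(l)[1]
              for l in listing.splitlines() if l.strip()}
    return [n for n in reachable(listing, user, user_groups) if owners[n] != user]


if __name__ == "__main__":
    print("reachable:", reachable(LISTING, "ftpuser", {"ftpuser"}))
    print("exposed:  ", exposed(LISTING, "ftpuser", {"ftpuser"}))
```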



