Chrooted sftp on rhel3
Johan Booysen
johan at matrix-data.co.uk
Fri Jun 15 10:42:25 UTC 2007
Hi everyone,
I'm doing some tests setting up an sftp server, with setting up a chroot
jail for ftp users.
Everything seems to be working fine, but "ftpuser" can cd to outside his
home directory (ftpuser cannot access the user1 or user2 directories,
but can get to etc, lib, and user), which ideally I don't want. I've
played around with setting different permissions, but only the
permissions below seem to work.
In /etc/rssh.conf, I've got the following to set the chroot path:
chrootpath = /home
# pwd
/home
# ls -l
total 24
drwxr-xr-x 2 root root 4096 Jun 15 10:41 etc
drwx------ 3 ftpuser ftpuser 4096 Jun 15 11:20 ftpuser
drwx------ 4 user1 user1 4096 May 25 15:27 gmi
drwx------ 5 user2 user2 4096 Jun 14 16:54 jhb
drwxr-xr-x 3 root root 4096 Jun 14 17:28 lib
drwxr-xr-x 6 root root 4096 Jun 14 17:26 usr
I've then also removed all entries from the copy of the passwd file in
/home/etc/passwd, so that only the ftp users' accounts appear in it.
Any ideas on how to restrict access so ftp users are locked into their
own home directories - if that is even possible? It doesn't seem like
much of an issue to me, but I'd appreciate your thoughts.
Thanks very much.
Johan
More information about the redhat-list
mailing list