Chrooted sftp on rhel3

brad at bradandkim.net
Fri Jun 15 18:10:01 UTC 2007


> Hi everyone,
>
> I'm doing some tests setting up an sftp server, with setting up a chroot
> jail for ftp users.
>
> Everything seems to be working fine, but "ftpuser" can cd to outside his
> home directory (ftpuser cannot access the user1 or user2 directories,
> but can get to etc, lib, and user), which ideally I don't want.  I've
> played around with setting different permissions, but only the
> permissions below seem to work.
>
> In /etc/rssh.conf, I've got the following to set the chroot path:
> chrootpath = /home
>
> # pwd
> /home
> # ls -l
> total 24
> drwxr-xr-x    2 root     root         4096 Jun 15 10:41 etc
> drwx------    3 ftpuser  ftpuser      4096 Jun 15 11:20 ftpuser
> drwx------    4 user1    user1        4096 May 25 15:27 gmi
> drwx------    5 user2    user2        4096 Jun 14 16:54 jhb
> drwxr-xr-x    3 root     root         4096 Jun 14 17:28 lib
> drwxr-xr-x    6 root     root         4096 Jun 14 17:26 usr
>
> I've then also removed all entries from the copy of the passwd file in
> /home/etc/passwd, so that only the ftp users' accounts appear in it.
>
> Any ideas on how to restrict access so ftp users are locked into their
> own home directories - if that is even possible?  It doesn't seem like
> much of an issue to me, but I'd appreciate your thoughts.
>
> Thanks very much.
>
> Johan

I never had much luck setting it up that way either, so I went with this
little program:

http://www.jmcresearch.com/projects/jail/howto.html

It works pretty well and I think accomplishes what you are after.

Thanks,


Brad Crotchett
brad at bradandkim.net
http://www.bradandkim.net
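
Added example, not part of either message in this thread: a mode-bit audit of a chroot path like the `/home` listing quoted above, showing which top-level directories an "other" user can enter and which that user could write to. The sample tree is constructed to mirror that listing; the check assumes the user is neither the owner nor in the group of each directory, and it ignores ACLs.

```shell
#!/bin/sh
# Added example: audit the top level of a chroot path by permission bits.
# The tree built below is constructed sample data, not a real /home.

# Join find output (one path per line) into a sorted, space-separated list.
join_names() {
    sed 's|.*/||' | sort | tr '\n' ' ' | sed 's/ $//'
}

# Directories that "other" users can cd into (o+x set).
other_enterable() {
    find "$1" -mindepth 1 -maxdepth 1 -type d -perm -001 | join_names
}

# Directories that "other" users can create or delete entries in (o+w set).
other_writable() {
    find "$1" -mindepth 1 -maxdepth 1 -type d -perm -002 | join_names
}

# Build a throwaway tree with the same names and modes as the quoted listing:
# etc, lib, usr are drwxr-xr-x; the per-user directories are drwx------.
build_sample_tree() {
    root=$(mktemp -d) || return 1
    for d in etc lib usr; do
        mkdir "$root/$d" && chmod 755 "$root/$d"
    done
    for d in ftpuser gmi jhb; do
        mkdir "$root/$d" && chmod 700 "$root/$d"
    done
    echo "$root"
}

tree=$(build_sample_tree)
echo "enterable by other: $(other_enterable "$tree")"
echo "writable by other:  $(other_writable "$tree")"
rm -rf "$tree"
```

With the modes from the listing, the enterable set is exactly the three root-owned 755 directories, which matches the behaviour described in the question; the writable set should stay empty on a real chroot.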