Chrooted sftp on rhel3

Johan Booysen johan at matrix-data.co.uk
Tue Jun 19 15:34:58 UTC 2007 

Hi,

Thanks very much for all your replies.

I've managed to get it to work in the following way:

I copied the directories you create in your chroot jail (in my example
the directories etc, lib, and usr in my chroot jail /home) to the
individual ftp user's home folder:

# pwd
/home
# ls -l
total 24
drwxr-xr-x    2 root     root         4096 Jun 15 10:41 etc
drwx------    3 ftpuser  ftpuser      4096 Jun 15 11:20 ftpuser
drwxr-xr-x    3 root     root         4096 Jun 14 17:28 lib
drwxr-xr-x    6 root     root         4096 Jun 14 17:26 usr

# cp -r etc ftpuser/
# cp -r lib ftpuser/
# cp -r usr ftpuser/

And then I modify /etc/rssh.conf and add an entry for that user:

user=ftpuser:011:00010:"/home/ftpuser"  # sftp with chroot

And that works, it seems.

:)

I'm writing up a complete guide here:

http://joedonner2001.wordpress.com/red-hat-el3/sftp-server-within-a-chro
ot-jail

but just note that it's not 100% accurate at the moment.

Johan

-----Original Message-----
From: redhat-list-bounces at redhat.com
[mailto:redhat-list-bounces at redhat.com] On Behalf Of Karl Latiss
Sent: 16 June 2007 10:05
To: General Red Hat Linux discussion list
Subject: Re: Chrooted sftp on rhel3

On Fri, 2007-06-15 at 11:42 +0100, Johan Booysen wrote:
> Hi everyone,
> 
> I'm doing some tests setting up an sftp server, with setting up a 
> chroot jail for ftp users.
> 
> Everything seems to be working fine, but "ftpuser" can cd to outside 
> his home directory (ftpuser cannot access the user1 or user2 
> directories, but can get to etc, lib, and user), which ideally I don't

> want.  I've played around with setting different permissions, but only

> the permissions below seem to work.
> 
> In /etc/rssh.conf, I've got the following to set the chroot path:
> chrootpath = /home
> 
> # pwd
> /home
> # ls -l
> total 24
> drwxr-xr-x    2 root     root         4096 Jun 15 10:41 etc
> drwx------    3 ftpuser  ftpuser      4096 Jun 15 11:20 ftpuser
> drwx------    4 user1    user1        4096 May 25 15:27 gmi
> drwx------    5 user2    user2        4096 Jun 14 16:54 jhb
> drwxr-xr-x    3 root     root         4096 Jun 14 17:28 lib
> drwxr-xr-x    6 root     root         4096 Jun 14 17:26 usr
> 
> I've then also removed all entries from the copy of the passwd file in

> /home/etc/passwd, so that only the ftp users' accounts appear in it.
> 
> Any ideas on how to restrict access so ftp users are locked into their

> own home directories - if that is even possible?  It doesn't seem like

> much of an issue to me, but I'd appreciate your thoughts.
> 
What is ftpuser's shell and home directory? Also have you set allowsftp
in /etc/rssh.conf ?

There also may be some clues in /var/log/messages depending on what you
have set logfacility to.

-- 

Karl Latiss <karl.latiss at atvert.com.au>
Atvert Systems

-- 

redhat-list mailing list
unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

More information about the redhat-list mailing list