Chrooted sftp on rhel3
Johan Booysen
johan at matrix-data.co.uk
Tue Jun 19 15:34:58 UTC 2007
Hi,
Thanks very much for all your replies.
I've managed to get it to work in the following way:
I copied the directories you create in your chroot jail (in my example
the directories etc, lib, and usr in my chroot jail /home) to the
individual ftp user's home folder:
# pwd
/home
# ls -l
total 24
drwxr-xr-x 2 root root 4096 Jun 15 10:41 etc
drwx------ 3 ftpuser ftpuser 4096 Jun 15 11:20 ftpuser
drwxr-xr-x 3 root root 4096 Jun 14 17:28 lib
drwxr-xr-x 6 root root 4096 Jun 14 17:26 usr
# cp -r etc ftpuser/
# cp -r lib ftpuser/
# cp -r usr ftpuser/
And then I modify /etc/rssh.conf and add an entry for that user:
user=ftpuser:011:00010:"/home/ftpuser" # sftp with chroot
And that works, it seems.
:)
I'm writing up a complete guide here:
http://joedonner2001.wordpress.com/red-hat-el3/sftp-server-within-a-chroot-jail
but just note that it's not 100% accurate at the moment.
Johan
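As an added example (not code from the original post or the rssh project), the per-user jail steps above as a small POSIX sh script: copy the skeleton directories into the user's home, trim the jailed passwd to that one user (one step beyond what the post does), and print the rssh.conf entry. The template root, the jail path and the sample passwd line are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post: build a per-user sftp jail from
# the skeleton the post keeps under /home (etc, lib, usr), trim the jailed
# passwd to that one user, and emit the matching rssh.conf line.
# Assumed layout: TEMPLATE holds etc/ lib/ usr/; JAIL is the user's home.
set -eu

# Copy the skeleton into the user's home. cp -a (not cp -r) keeps ownership,
# modes and symlinks, which the libraries under lib/ rely on.
build_user_jail() {
    template="$1"; jail="$2"; user="$3"
    for d in etc lib usr; do
        [ -d "$template/$d" ] || { echo "missing $template/$d" >&2; return 1; }
        cp -a "$template/$d" "$jail/"
    done
    # One step past the post: keep only this user's line in the jail's passwd
    # so nothing about other accounts is visible from inside the jail.
    grep "^$user:" "$template/etc/passwd" > "$jail/etc/passwd"
}

# rssh.conf entry: user=name:umask:access bits:chroot path.
# 011 and 00010 (sftp with chroot) are the values the post uses.
rssh_user_line() {
    printf 'user=%s:011:00010:"%s" # sftp with chroot\n' "$1" "$2"
}

# Check that a jail's etc/passwd names only the jail's own user.
jail_passwd_only_user() {
    jail="$1"; user="$2"
    [ -s "$jail/etc/passwd" ] || return 1
    while IFS=: read -r name rest; do
        [ "$name" = "$user" ] || return 1
    done < "$jail/etc/passwd"
    return 0
}
```

Run build_user_jail as root on the real system so the copied lib/ and usr/ keep root ownership, then append the printed line to /etc/rssh.conf.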
-----Original Message-----
From: redhat-list-bounces at redhat.com
[mailto:redhat-list-bounces at redhat.com] On Behalf Of Karl Latiss
Sent: 16 June 2007 10:05
To: General Red Hat Linux discussion list
Subject: Re: Chrooted sftp on rhel3
On Fri, 2007-06-15 at 11:42 +0100, Johan Booysen wrote:
> Hi everyone,
>
> I'm doing some tests setting up an sftp server, with setting up a
> chroot jail for ftp users.
>
> Everything seems to be working fine, but "ftpuser" can cd to outside
> his home directory (ftpuser cannot access the user1 or user2
> directories, but can get to etc, lib, and usr), which ideally I don't
> want. I've played around with setting different permissions, but only
> the permissions below seem to work.
>
> In /etc/rssh.conf, I've got the following to set the chroot path:
> chrootpath = /home
>
> # pwd
> /home
> # ls -l
> total 24
> drwxr-xr-x 2 root root 4096 Jun 15 10:41 etc
> drwx------ 3 ftpuser ftpuser 4096 Jun 15 11:20 ftpuser
> drwx------ 4 user1 user1 4096 May 25 15:27 gmi
> drwx------ 5 user2 user2 4096 Jun 14 16:54 jhb
> drwxr-xr-x 3 root root 4096 Jun 14 17:28 lib
> drwxr-xr-x 6 root root 4096 Jun 14 17:26 usr
>
> I've then also removed all entries from the copy of the passwd file in
> /home/etc/passwd, so that only the ftp users' accounts appear in it.
>
> Any ideas on how to restrict access so ftp users are locked into their
> own home directories - if that is even possible? It doesn't seem like
> much of an issue to me, but I'd appreciate your thoughts.
>
What is ftpuser's shell and home directory? Also have you set allowsftp
in /etc/rssh.conf ?
There also may be some clues in /var/log/messages depending on what you
have set logfacility to.
--
Karl Latiss <karl.latiss at atvert.com.au>
Atvert Systems