From: "Joseph Gleason"
Subject: Re: OpenSSH & chroot
Date: Mon, 4 Mar 2002 01:22:17 -0500

Unless someone has a better idea, I think I am going to make a small suid
program that will become root, chroot to the original user's home directory,
become the original user and execute sftp-server. Then I will have sshd call
this program as the sftp subsystem rather than sftp-server directly.

If no one gives me any compelling reasons why this would be a bad idea I will
do this and make it available to others.

--Joe

----- Original Message -----
From: "Joseph Gleason"
Sent: Monday, March 04, 2002 00:59
Subject: OpenSSH & chroot

> Does anyone know of a way of getting sshd to do chroot to a user's home
> directory before spawning their shell or sftp?
>
> I have dug around and currently don't believe it is possible without
> modifying the source for sshd.
>
> I checked through the mailing list and couldn't find a satisfactory answer.
> There was mention of a "ChRootGroups" option in sshd config, but that
> doesn't seem to be supported anymore (if it ever was).
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message