Date: Mon, 4 Mar 2002 01:22:17 -0500 From: "Joseph Gleason" <clash@tasam.com> To: "Joseph Gleason" <clash@tasam.com>, <freebsd-questions@FreeBSD.ORG> Subject: Re: OpenSSH & chroot Message-ID: <003b01c1c344$ef1d45b0$085f5f0a@frigate> References: <001501c1c341$c1a8a4b0$085f5f0a@frigate>
next in thread | previous in thread | raw e-mail | index | archive | help
Unless someone has a better idea, I think I am going to make an small suid program that will become root, chroot to the original users home directory, become the original user and execute sftp-server. Then I will have sshd call this program as the sftp subsystem rather then sftp-server directly. If no one gives me any compelling reasons why this would be a bad idea I will do this and make it available to others. --Joe ----- Original Message ----- From: "Joseph Gleason" <clash@tasam.com> To: <freebsd-questions@FreeBSD.ORG> Sent: Monday, March 04, 2002 00:59 Subject: OpenSSH & chroot > Does anyone know of a way of getting sshd to do chroot to a users home > directory before spawning their shell or sftp? > > I have dug around and currently don't beleive it is possible without > modifying the source for sshd. > > I checked through the mailing list and couldn't find a satasfactory answer. > There was mention of a "ChRootGroups" option in sshd config, but that > dosen't seem to be supported anymore (if it ever was). > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?003b01c1c344$ef1d45b0$085f5f0a>