From owner-freebsd-security@FreeBSD.ORG  Mon Dec 20 21:23:08 2004
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id EE7FE16A4CE
	for <freebsd-security@freebsd.org>;
	Mon, 20 Dec 2004 21:23:08 +0000 (GMT)
Received: from lariat.org (lariat.org [63.229.157.2])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 3029743D5E
	for <freebsd-security@freebsd.org>;
	Mon, 20 Dec 2004 21:23:08 +0000 (GMT)
	(envelope-from brett@lariat.org)
Received: from runaround.lariat.org (IDENT:ppp1000.lariat.org@lariat.org
	[63.229.157.2])	by lariat.org (8.9.3/8.9.3) with ESMTP id OAA08132
	for <freebsd-security@freebsd.org>;
	Mon, 20 Dec 2004 14:23:05 -0700 (MST)
X-message-flag: Warning! Use of Microsoft Outlook renders your system
	susceptible to Internet worms.
Message-Id: <6.2.0.14.2.20041220142255.06260ca0@localhost>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.0.14
Date: Mon, 20 Dec 2004 14:23:02 -0700
To: freebsd-security@freebsd.org
From: Brett Glass <brett@lariat.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Subject: chroot-ing users coming in via SSH and/or SFTP?
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Dec 2004 21:23:09 -0000

A client wants me to set up a mechanism whereby his customers can drop files
securely into directories on his FreeBSD server; he also wants them to be
able to retrieve files if needed. The server is already running OpenSSH,
and he himself is using Windows clients (TeraTerm and WinSCP) to access it,
so the logical thing to do seems to be to have his clients send and receive
files via SFTP or SCP. 

The users depositing files on the server shouldn't be allowed to see what
one another are doing or to grope around on the system, so it'd be a good
idea to chroot them into home directories, as is commonly done with FTP.

However, OpenSSH (or at least FreeBSD's version of it) doesn't seem to have a
mechanism that allows users doing SSH, SCP, or SFTP to be chroot-ed into a 
specific directory. What is the most effective and elegant way to do this? I've 
seen some crude patches that allow you to put a /. in the home directory specified
in /etc/passwd, but these are specific to versions of the "portable" OpenSSH
and none of the diffs seem to match FreeBSD's files exactly. 

--Brett