
Re: chroot & ssh 3.4p1 & sftp & apache



On Wed, Dec 11, 2002 at 05:50:46PM -0800, jcunningham@engine8.com wrote:
> Hello, I've been reading many documents on chroot and ssh namely:
> 
> http://chrootssh.sourceforge.net/docs/chrootedsftp.html
> 
> http://www.debian.org/doc/manuals/securing-debian-howto/ap-chroot-ssh-env.en.html
> http://www.coding-zone.com/chroot+sftp-server.patch
> 
> and see how one builds a user's chroot for sftp however I still DO NOT see
> how to set up sftp for a user to admin their own site.
OK, I suggest not patching your sshd, because then you're on your own to build
and implement the security fixes, and that is hard work.
Instead I suggest using scponly or a similar shell [1].
You can use scponly to allow normal sftp and scp actions or, as an add-on,
chroot the stuff. For the chroot you have to set up a whole environment like
the ones described in the URLs you posted.

> the trouble is ssh wants root to own the chroot and apache wants to own
> the domain so is this not possible?  I know hosting companies with tons of
> sites segment user access from one another; perhaps via chmod + chown
> the goal is not to push users' content for them out of a standard home jail
> and for them to only see their site and not be able to read etc others.
> can someone recommend a faq loosely based on the subject.  one from a
> debian box would be a plus.

OK, you cannot have a chroot like is possible with ftp, where all the
standard commands (ls, chown, del etc.) are implemented in the server software
itself. But you can restrict the access to parts of the system with the normal
Unix permission system. Important for that is that Linux (and other Unix
systems) check the access rights from left to right (user-group-world) and the
first one that matches will be used. So let's say we have a group for untrusted
users named utrust. This group contains the users baduser1, baduser2 etc. Our
sample directory has the following setup:
rwx---r-x baduser1:utrust

baduser1 tries to change into this directory, so Linux checks the user
rights first, and we have a matching username/uid, so next we look at the
rights given to that user. In this case -x is set, which means the user can
change into the directory, and so the cd command will be successful.

Now baduser2 tries to change into the same directory, and Linux checks the
user, which does not match, so it will look at the group, and hey, the user is
in the group utrust, so the group rights will apply. No rights for this
group on this directory, so the cd command will report access denied and
stay in the pwd.

So with a small concept you can set up a quite secure environment where no
shell or sftp/scp user can access the files of another user.

Before you start your work, be prepared that there are other ways to circumvent
these protections; for example, think about cgi scripts running with the
uid of the webserver.


HTH
Sven

[1] http://sublimation.org/scponly/

-- 
sig was laid off for operational reasons
Apt-rpm packages for RedHat:
http://www.hoaxter.de/aptrpm/index.html
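
The left-to-right permission check described in the reply above, as an added example that is not part of the original message. It models plain mode bits only (no root bypass, no ACLs); the function names and the uids/gids for baduser2 and the webserver are constructed for illustration.

```python
import os
import stat
import tempfile

# Permission bits per class, in the order they are consulted.
CLASS_BITS = {
    "user":  (stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR),
    "group": (stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP),
    "other": (stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH),
}

def matching_class(st, uid, gids):
    """Return the one class whose bits apply: the first match wins."""
    if uid == st.st_uid:
        return "user"
    if st.st_gid in gids:
        return "group"
    return "other"

def allowed(st, uid, gids, want):
    """want is a subset of 'rwx'; only the matching class is consulted."""
    bits = CLASS_BITS[matching_class(st, uid, gids)]
    needed = sum(bit for flag, bit in zip("rwx", bits) if flag in want)
    return (st.st_mode & needed) == needed

def demo():
    """Create the rwx---r-x directory from the post and test three identities."""
    with tempfile.TemporaryDirectory() as top:
        site = os.path.join(top, "site")
        os.mkdir(site)
        os.chmod(site, 0o705)          # rwx---r-x
        st = os.stat(site)
    owner, utrust = st.st_uid, st.st_gid   # stand-ins for baduser1:utrust
    baduser2 = owner + 1                   # constructed uid, member of utrust
    webserver = owner + 2                  # constructed uid, not in utrust
    return {
        "baduser1": allowed(st, owner, {utrust}, "x"),
        # In utrust, so the empty group bits apply even though "other" has r-x.
        "baduser2": allowed(st, baduser2, {utrust}, "x"),
        "webserver": allowed(st, webserver, {utrust + 1}, "rx"),
    }

if __name__ == "__main__":
    for who, ok in demo().items():
        print(f"{who:10s} {'allowed' if ok else 'denied'}")
```

The webserver result is the caveat the reply ends on: anything running with the webserver's uid falls into the "other" class and can still read the directory.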


