Hello,

Is there any security reason why the last component of a chroot path is required to be owned by root and not by the user that is chroot-ed into that path?

I have tried to think of a reason, but cannot find any except for when several accounts are chrooted into the same directory. But if that is not the case, then, is there any security consideration?

If not, then it seems to me that permitting the last component to be owned by the user that is chrooted into it (maybe by a configuration option) would be very comfortable.

I am currently in the process of - gradually - changing a chrooted vsftpd environment into a chrooted sftp setup. For the time being, both must run simultaneously until every 'user' has been migrated.

This is an operational environment that is used for uploading teletekst data for the Dutch national broadcasting agency, so it must continue to function.

The home directories into which vsftpd chroots the users are owned by the users. They write directly into their home directories. Changing that will break interfaces.

So, if chroot-sftp would - optionally - allow the final component to be owned by the user, that would work.

I'm looking forward to hearing about the rationale why all components should be owned by root, or if the last component indeed does not have to be.

Kind regards,
Stephan

On Fri, 1 May 2015, Stephan Leemburg wrote:

> Hello,
>
> Is there any security reason why the last component of a chroot path
> is required to be owned by root and not by the user that is chroot-ed
> into that path?

This has been discussed on this mailing list several times in the past.
You should check the archives.

I did not find any clues when 'googling' and could not find any search options on the archives. So, your answer really does not help.

If you can help me with some reference, then it is highly appreciated.

I would like to understand the rationale. Not why 'it is just like it is'. No, why. What is the reasoning behind it.

I speak Dutch, English, some Japanese and C. So, I can write something to patch it up in C. But if I do not understand the rationale behind it, what is the value of the writing in any language?

If I do not understand the context that you think I should implicitly understand, what should I do?

I can send in a patch if you like.

Kind regards,
Stephan

On 01-05-15 23:42, Damien Miller wrote:
> On Fri, 1 May 2015, Stephan Leemburg wrote:
>
>> Hello,
>>
>> Is there any security reason why the last component of a chroot path
>> is required to be owned by root and not by the user that is chroot-ed
>> into that path?
> This has been discussed on this mailing list several times in the past.
> You should check the archives.