bugzilla-daemon at bugzilla.mindrot.org
2011-Nov-18 17:40 UTC
[Bug 1951] New: Add home directory facility for chrooted environments
https://bugzilla.mindrot.org/show_bug.cgi?id=1951

             Bug #: 1951
           Summary: Add home directory facility for chrooted environments
    Classification: Unclassified
           Product: Portable OpenSSH
           Version: -current
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: sshd
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: darcy at druid.net

Created attachment 2107
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2107
Diffs against NetBSD 5.1

I find that the internal-sftp mostly does what I want except that it leaves the user in the root of the chroot area. I can't make the user's directory the chroot since that is not owned by root. So I added code to allow me to specify the home directory. So, for example, I have the following Match stanza in sshd_config:

    Match Group sftponly
        ChrootDirectory /u/
        AllowTCPForwarding no
        X11Forwarding no
        ForceCommand internal-sftp
        HomeDirectory /%u/

Now the user is dropped into his own home directory under the chroot area. I'm not sure if the name is correct - we don't have to actually specify his home directory - but I have tested this on NetBSD 5.1 and it works.

--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2011-Dec-01 23:56 UTC
[Bug 1951] Add home directory facility for chrooted environments
Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org

--- Comment #1 from Damien Miller <djm at mindrot.org> 2011-12-02 10:56:13 EST ---

Actually, when ChrootDirectory is in use sshd will try to change to the user's home directory as obtained from the password database.
bugzilla-daemon at bugzilla.mindrot.org
2011-Dec-02 12:00 UTC
[Bug 1951] Add home directory facility for chrooted environments
--- Comment #2 from D'Arcy Cain <darcy at druid.net> 2011-12-02 23:00:39 EST ---

That's not what I saw in my case. If you mean the system passwd file then that does not help. That might be a different structure than the chrooted area. I tried creating a passwd file in the chroot area but that didn't work. Maybe it is internal-sftp that is different.

Try it yourself. Create a test user and group and add a Match stanza similar to the one in my report except for the HomeDirectory. See if you can make a passwd file that will drop that user into their home directory. I tried all sorts of things and none of them worked.
bugzilla-daemon at bugzilla.mindrot.org
2011-Dec-02 20:57 UTC
[Bug 1951] Add home directory facility for chrooted environments
--- Comment #3 from Damien Miller <djm at mindrot.org> 2011-12-03 07:57:54 EST ---

No, it uses the system password file and not one inside the chroot. You can recreate the home directory structure from the password file inside the chroot and it will work. E.g. create /u/home/sftponly (if that's what the password home directory is)
bugzilla-daemon at bugzilla.mindrot.org
2011-Dec-02 22:27 UTC
[Bug 1951] Add home directory facility for chrooted environments
--- Comment #4 from D'Arcy Cain <darcy at druid.net> 2011-12-03 09:27:52 EST ---

Again, not that useful. Here is the issue. My user is "joe" so his home directory, where his public_html lives, is /u/joe. In the chroot directory he is /joe. I want him to wind up in /joe. After chroot /u/joe doesn't even exist. But I need it to exist in the top level in order to display his web site so I can't modify /etc/passwd.

Yes, I could probably do all sorts of funky links/null mounts but a simple sshd_config directive would be so much simpler and cleaner.

I do create a passwd and group file under /u so that directory listings show ownership.
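The path mapping argued over in comments #3 and #4, as an added example that is not part of the bug thread or of OpenSSH: it models the behaviour comment #3 describes (the home directory from the system password file is looked up inside the chroot) with the fall-back to the chroot root that the original report observed. The function names, the staging-root parameter and the passwd line are constructed for illustration.

```shell
#!/bin/sh
# Added example; models the chdir described in comment #3, not sshd's own code.

# expand_chroot TEMPLATE USER HOME
# Expand the %u, %h and %% tokens of a ChrootDirectory value and drop
# trailing slashes, so "/u/" becomes "/u".
expand_chroot() {
    tmpl=$1 out=
    while [ -n "$tmpl" ]; do
        case $tmpl in
            %u*) out=$out$2; tmpl=${tmpl#"%u"} ;;
            %h*) out=$out$3; tmpl=${tmpl#"%h"} ;;
            %%*) out=$out%;  tmpl=${tmpl#"%%"} ;;
            *)   rest=${tmpl#?}; out=$out${tmpl%"$rest"}; tmpl=$rest ;;
        esac
    done
    while [ "$out" != / ] && [ "${out%/}" != "$out" ]; do out=${out%/}; done
    printf '%s\n' "$out"
}

# landing_dir STAGING_ROOT TEMPLATE USER HOME
# Print the in-chroot directory the session starts in: HOME when it exists
# below the chroot, otherwise "/". STAGING_ROOT ("" on a live system) lets
# the check run against a test tree.
landing_dir() {
    jail=$(expand_chroot "$2" "$3" "$4")
    if [ -d "$1$jail$4" ]; then printf '%s\n' "$4"; else printf '/\n'; fi
}

# audit_passwd STAGING_ROOT TEMPLATE  (passwd-format lines on stdin)
audit_passwd() {
    while IFS=: read -r user _pw _uid _gid _gecos home _shell; do
        [ -n "$user" ] || continue
        jail=$(expand_chroot "$2" "$user" "$home")
        if [ "$(landing_dir "$1" "$2" "$user" "$home")" = "$home" ]; then
            printf '%s: starts in %s (host path %s)\n' "$user" "$home" "$jail$home"
        else
            printf '%s: starts in /; host path %s is missing\n' "$user" "$jail$home"
        fi
    done
}

# Constructed demo: user joe with home /u/joe and ChrootDirectory /u/.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/u/joe"
printf 'joe:*:1001:1001:Joe:/u/joe:/sbin/nologin\n' | audit_passwd "$demo_root" /u/
rm -rf "$demo_root"
```

For the layout in comment #4 the missing host path is /u/u/joe, a different directory from the /u/joe that holds public_html.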