openssh unix dev - Apr 2008 - request for feature

Dear developers,

I need the feature of separately jailed,  user writeable and user owned
home dirs very badly because I have an SFTP server with 500 users who
are partly nested  
could you please add a feature to set non root chroots with the %h
option ?   Otherwise I have to rewrite the chroot patch for 4.7p1 :-(
 
thank you very much in advance
Dirk

On Tue, Apr 29, 2008 at 08:58:24AM +0200, Dirk.Lammers at Bertelsmann.de
wrote:
> I need the feature of separately jailed,  user writeable and user
> owned home dirs very badly because I have an SFTP server with 500
> users who are partly nested could you please add a feature to set
> non root chroots with the %h option ?   Otherwise I have to rewrite
> the chroot patch for 4.7p1 :-(
Hm, doesn't the built-in sftp-server and new ChrootDirectory in
4.8p1/5.0p1 work in your situation?


//Peter

On Tue, 29 Apr 2008, Dirk.Lammers at Bertelsmann.de wrote:
> 
> Dear developers,
> 
> I need the feature of separately jailed,  user writeable and user owned
> home dirs very badly because I have an SFTP server with 500 users who
> are partly nested  
> could you please add a feature to set non root chroots with the %h
> option ?   Otherwise I have to rewrite the chroot patch for 4.7p1 :-(
ChrootDirectory supports this right now.

Just create one more directory under the chroot for the user's home.
E.g. have your users home directory set as "/home", your
ChrootDirectory
as "/chroot/%u".

sshd will chroot to /chroot/[user] and then chdir to /home relative
to the chroot path. 

We will not be relaxing the permission checks, they are there for good
reasons. There are lots of nasty things a user can do if they can write
to what is effectively /

-d