Displaying 20 results from an estimated 4000 matches similar to: "[Bug 1461] New: session.c: don't chdir() after chroot() if chroot_path==pw->pw_dir"
2004 Dec 01
1
$HOME instead of pw->pw_dir question.
Hello.
I have one, small question.
Are there any security reasons not to use getenv("HOME")
instead of pw->pw_dir in ssh.c and tildexpand.c to find
the user's home directory?
--
Grzegorz Kryza
mailto: kryza at nomachine.com
http://grzegorz.kryza.net
2008 May 25
1
OpenSSH + chroot + SELinux = broke
Hello,
First, a big thank you to the OpenSSH devs.
/Problem Summary:/
Chroot and SELinux don't get along. This affects both the new
(official) ChrootDirectory feature, as well as the older (3rd party)
patch at http://chrootssh.sourceforge.net/.
/History and repro:/
On March 21, 2008, Alexandre Rossi posted to this list with the
subject: "*ChrootDirectory
2008 Nov 11
3
Directory permissions in chroot SFTP
Hi,
I configured openssh 5.1p1 for sftp server.
Here the specifications in sshd_config file:
Subsystem sftp internal-sftp
Match Group sftp
ForceCommand internal-sftp
ChrootDirectory /home/%u
AllowTcpForwarding no
When a user is logged in, he can't upload his document and he receives
this message:
carlo at Music:~$ sftp user at 213.217.147.123
Connecting to
2013 Mar 12
1
passing username and password to external script
Hello,
Is it possible to pass a user's credentials provided at login time to
an external script? My goal is to run an external script which will mount
a webdav share by using the user's username and password and afterwards share
it through samba.
2013 Aug 19
0
Re: missing chdir before chroot in guestfsd
On Sun, Aug 18, 2013 at 02:29:15PM +0200, Olaf Hering wrote:
>
> daemon.c does just a chroot, without chdir. The result is that pwd does not
> work correctly (it causes fs/dcache.c:prepend_unreachable() to add the
> unreachable string). A workaround is to add "cd /" before each sh command.
>
> ><fs> mount /dev/sda2 /
> ><fs> sh "cd / ; chroot
2008 Nov 19
1
chdir / chroot after pre-xfer ?
Hello,
I am trying to configure rsyncd to mount destination encrypted FS
(using EncFS) before syncing.
In my rsyncd.conf :
[test]
path = /home/dest
<...>
pre-xfer exec = sleep 30 ; echo mypassword | encfs -S /home/encrypteddir /home/dest ; sleep 30
(I have put "sleep 30" instructions just to make some tests)
/home/encrypteddir is correctly mounted by rsyncd to /home/dest
2013 Aug 18
3
missing chdir before chroot in guestfsd
daemon.c does just a chroot, without chdir. The result is that pwd does not
work correctly (it causes fs/dcache.c:prepend_unreachable() to add the
unreachable string). A workaround is to add "cd /" before each sh command.
><fs> mount /dev/sda2 /
><fs> sh "cd / ; chroot / ; /bin/pwd"
/
><fs> sh "/bin/pwd"
(unreachable)/
><fs> sh
2006 Oct 09
1
About sftp-server root path
Hi,
I saw in archive that some people made a patch to sftp-server, and that patch
sets a root path.
I'd like to know if there's an idea to apply that patch in main tree of
openssh?
With the use of SSHFS [which uses sftp-server], it would be interesting to
have something like that, because as we have netboot workstations, the access
to devices [such as, floppy, cdrom and usb data] are
2008 Oct 27
2
[Bug 177] provide chroot option for sftp-server
https://bugzilla.mindrot.org/show_bug.cgi?id=177
Joshua Pettett <devel at homelinkcs.com> changed:
        What|Removed                    |Added
----------------------------------------------------------------------------
   Component|sshd                       |sftp-server
  AssignedTo|openssh-bugs at mindrot.org |unassigned-bugs at mindrot.org
--- Comment
2013 Feb 02
2
Relaxing strict chroot checks on recent Linux kernels?
At the risk of beating a dead horse, I'd like to see the chroot
security checks relaxed a bit. On newer Linux kernels, there's a
prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) that prevents privilege
elevation (via setuid binaries, etc) for the caller and all of its
descendants. That means that chroot(untrusted directory),
prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0), setreuid(uid, uid), execve(a
2010 Jul 10
1
internal-sftp and logging not working with Fedora and chroot using 5.5?
Hope ya'all can help!
Been reading and reading, and adjusting... to no avail.
We need to have chroot'd SFTP activities logged on a file server and for
whatever reason, I simply cannot get it to log with users that are chroot'd
(this is necessary for auditing and HIPAA - so it is pretty important)
I have tried with Fedora 11/12 and even an older Fedora 8 server, the same
results:
1.
2000 Oct 24
2
feature request & patch submit: chroot(2) in sshd
Hello,
whereas most people take passwd/shadow/ldap/<whatever> as the place where
decision on a chrooted environment / sandbox for certain users is met (just
set the given usershell appropriately), I needed a somewhat different
approach. Below is a tiny patch to 2.2.0p1 which enhances the sshd-config
by two options and, when set, places all users / users of a certain group
immediately in
2020 Apr 11
2
internal-sftp + chroot [was: Parallel transfers]
Nico Kadel-Garcia wrote:
> in places where I do not want OpenSSH server's tendency to let
> people with access look around the rest of the filesystem.
If you want users to be able to use *only* SFTP then set a ChrootDirectory
and ForceCommand internal-sftp in a Match for the user in sshd_config.
//Peter
2003 Aug 16
0
sftp-server (secure) chroot patch, comment fix
Accidentally removed XXX comment. New patch below.
Regards
Magnus
--- openssh-3.6.1p2/sftp-server.c.org 2003-08-11 22:07:47.098650000 +0200
+++ openssh-3.6.1p2/sftp-server.c 2003-08-16 19:07:14.273582000 +0200
@@ -24,15 +24,24 @@
#include "includes.h"
RCSID("$OpenBSD: sftp-server.c,v 1.41 2003/03/26 04:02:51 deraadt Exp $");
+#define CHROOT
#include "buffer.h"
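Review bot: the `+#define CHROOT` placed directly after the RCSID line is unconditional, so whatever this macro guards is compiled into every build of sftp-server.c from this tree. The switch would be better supplied by the build (for example a -DCHROOT compiler flag) and tested with #ifdef in the source, so that a default build is unchanged unless the option is requested.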
2003 Sep 30
1
[PATCH] sftp-server (secure) chroot patch, 3.7.1p2 update
Hello all,
Here is an updated patch. I published the original patch on
August 16.
--- openssh-3.7.1p2/sftp-server.c.org 2003-08-22 01:34:41.000000000
+0200
+++ openssh-3.7.1p2/sftp-server.c 2003-09-30 17:22:43.730402000 +0200
@@ -24,6 +24,7 @@
#include \"includes.h\"
RCSID(\"$OpenBSD: sftp-server.c,v 1.43 2003/06/25 22:39:36 miod Exp
$\");
+#define CHROOT
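Review bot: the context lines of this hunk carry backslash-escaped quotes (`#include \"includes.h\"`, `RCSID(\"$OpenBSD: ...`), and both the `---` header and the RCSID line are wrapped onto a second line, so the patch as posted will not match the source file and will not apply. It should be resent as an attachment or as unmangled inline text.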
2012 Nov 23
1
samba4 as PDC: tsig verify failure
I've configured samba4 as PDC according to the official HOWTO. Nearly
everything went well, except that executing command samba_dnsupdate
results with:
; TSIG error with server: tsig verify failure
Failed nsupdate: 2
Failed update of 21 entries
The whole output is available at:
http://pastebin.com/xrG2KZwZ
It's weird, because the domain seems to be working properly: I can login as
domain admin,
2003 Aug 16
0
sftp-server (secure) chroot patch?
Hello,
I know this chroot issue has been brought up many times before on this list. I saw that the contributed chroot-patch was removed from the contrib directory because it always was out of date. The main reason was of course that sftp-server has to be run as root to be able to do the chroot() call? Most of you are against chroot (since it isn't in the src) but I believe a lot of users
2010 Feb 10
1
Syslog for chroot-jailed SFTP users?
Maybe one of you can help. We have set up a CentOS server so that
each user who logs in via sftp will be jailed in their home directory.
Here's the relevant sshd_config:
# override default of no subsystems
Subsystem sftp internal-sftp -f LOCAL2 -l INFO
Match Group sftponly
ChrootDirectory /home/%u
ForceCommand internal-sftp
This actually works great, but none of
2008 Apr 29
2
request for feature
Dear developers,
I need the feature of separately jailed, user writeable and user owned
home dirs very badly because I have an SFTP server with 500 users who
are partly nested.
Could you please add a feature to set non root chroots with the %h
option? Otherwise I have to rewrite the chroot patch for 4.7p1 :-(
Thank you very much in advance
Dirk
2015 Oct 09
2
CentOS-6 SSHD chroot SELinux problem
I run a sshd host solely to allow employees to tunnel secure
connections to our internal hosts. Some of which do not support
encrypted protocols. These connections are chroot'ed via the
following in /etc/ssh/sshd_config
Match Group !wheel,!xxxxxx,yyyyy
AllowTcpForwarding yes
ChrootDirectory /home/yyyyy
X11Forwarding yes
Where external users belong to group yyyyy (primary).
We