similar to: Possible UID/GID bug in chrooted shells?

I was wondering if it would be possible to keep a user/uid <-> file map so that root access wouldn't be necessary to store the files and retrieve them with the correct original usernames (or uids), specifying a filename on the command line as something like .rsyncuidmap. Or even a file system stored in a file that could be "mounted" by rsync and written any uid/gid etc that

Hi Damien, Thank you. I read the rationale. Just to summarize, a user writeable chroot target is considered dangerous if: 1) the user has another way of gaining non-chrooted access to the system 2) is able to create hardlinks to setuid-binaries outside of the chroot tree 3) there are bugs somewhere that allow privilige escalation or remote execution of other programs While all these

Chris, Perhaps you need to perform some write_conf like command. I''m not sure if this is needed in 1.6 or not. Shane ----- Original Message ----- From: lustre-discuss-bounces at lists.lustre.org <lustre-discuss-bounces at lists.lustre.org> To: lustre-discuss <lustre-discuss at lists.lustre.org> Sent: Fri Mar 07 12:03:17 2008 Subject: Re: [Lustre-discuss] Multihomed

Affected Software: rssh - all versions prior to 2.3.0 Vulnerability: local user privilege escalation Severity: *CRITICAL* Impact: local users can gain root access Solution: Please upgrade to v2.3.1 Summary ------- rssh is a restricted shell which allows a system administrator to limit users' access to a system via SSH to scp, sftp, rsync, rdist, and cvs. It also allows the system

Hi, A question regarding chroot, internal-sftp, and time zones: Is it possible to get the time stamps presented by the chrooted internal-sftp to always be aligned with the system global time zone setting? What is the reason this not done by default, that is couldn't the chrooted internal-sftp inherit the time zone information from the SSH daemon? /John -- John Olsson Ericsson AB

Le Jeudi 11 Avril 2002 21:09, m.ibarra at cdcixis-na.com a ?crit : > I was curious to know if you had any luck in getting openssh's sftp > server properly configured to allow chrooted sftp logins? I have had > no success and need something quickly. Dear Mike, Unfortunately, I did not succeed to have it work. I got in contact with James Dennis <jdennis at law.harvard.edu>, who

Le Friday, 31 March 2023, 17:47:14 EDT John-Mark Gurney a ?crit : > hvjunk wrote this message on Thu, Mar 30, 2023 at 23:12 +0200: > > I've been battling similar issues, and the only methods I've found (with sftp) was to use > > software like pureftd or crushftp (using crushftp lately as production) that does handle these > > issues "out of the box" > >

Hi, I have trouble setting up chrooted SFTP for our user. I got the basic SFTP chroot working, user is chrooted to its home directory, I've added /home/userb/etc directory with dummy passwd, group and localtime files. The problem is that instead of only accessing its own files, I need the user to be able to remove another users files. I have web application which runs as different user, the

Hi! I want to set a OpenSSH server which restricts some users to only chrooted SFTP, while others have full/normal ssh, scp and sftp access. Most or all guides on the web say that I should enable the config line "Subsytem sftp internal-sftp" among other things, but I've found out that this only causes non-restricted users to not be able use SFTP at all, only the chrooted users.

Hi All, Could anyone explain what is "enhance SSH so that sftp chrooted user sessions are loged in to syslog"? What is "chrooted user sessions"? I'm sorry for the interruption and the laughable question. Thanks and Regards, Bin.Bai.

Hello everyone, We have some chrooted sftp-only users on a CentOS release 6.6 server. The server had been logging their actions, but after recent updates the logs have stopped. The server correctly logs non-chrooted users: Sep 14 17:47:24 vsecure4 sshd[1981]: Accepted publickey for jcours from 192.168.10.166 port 42545 ssh2 Sep 14 17:47:24 vsecure4 sshd[1981]: pam_unix(sshd:session):

Hi, I am not sure it this still is a point, but I just discovered that a chrooted rsync version 2.6.3pre1 is forgetting the time zone underways: Jan 12 07:00:01 ftp4 rsyncd[11091]: rsync on dobes/ from dobes@edoc1.gwdg.de (134.76.28.251) Jan 12 06:00:39 ftp4 rsyncd[11091]: wrote 732542 bytes read 182 bytes total size 553909487945 Logging is done with syslog. Time zone is GMT+1, the system

https://bugzilla.mindrot.org/show_bug.cgi?id=2048 Priority: P5 Bug ID: 2048 Assignee: unassigned-bugs at mindrot.org Summary: Make chrooted sftp more user friendly using bind mount (solution suggested) Severity: enhancement Classification: Unclassified OS: Linux Reporter: harviecz at gmail.com

Good afternoon. I'm new to the list, so apologies in advance if the noob in me comes through too loudly. >From things I've read in the distant past, I have the impression that the OpenSSH project tries to keep new features to a minimum, and there are good security reasons to do this. That said, one feature that I feel would be a good addition to OpenSSH is the ability to send logs via

On Mon, July 6, 2015 15:47, m.roth at 5-cent.us wrote: > James B. Byrne wrote: >> We have a requirement to allow ssh access to a server in order to >> provide a secure link to one of our legacy systems. I would like to >> chroot these accounts. >> >> I have this working except for one small detail, the user's prompt >> in >> the ssh session. Each

On Fri, Jan 05, 2018 at 09:42:18PM +1030, David Newall wrote: > On 05/01/18 20:06, Jakub Jelen wrote: > > if the confined user has write access to the chroot directory, > > there are ways how to get out, gain privileges and or do other > > nasty things. > > I'm not inexperienced with UNIX and unix-like operating systems (30+ years), > and I can't think what

https://bugzilla.mindrot.org/show_bug.cgi?id=1951 Bug #: 1951 Summary: Add home directory facility for chrooted environments Classification: Unclassified Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: sshd

On Fri, 2018-01-05 at 21:42 +1030, David Newall wrote: > On 05/01/18 20:06, Jakub Jelen wrote: > > if the confined user has write access to the chroot directory, > > there are ways how to get out, gain privileges and or do other > > nasty things. > > I'm not inexperienced with UNIX and unix-like operating systems (30+ > years), and I can't think what these

Where in the ext2/3 code does it know that a block on the disk is now free to reuse? Thanks, Chris -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://listman.redhat.com/archives/ext3-users/attachments/20080916/7b737a93/attachment.htm>

If I boot a 5.7 install disk with 'linux rescue selinux=0', let it start the network and detect the installed system, ssh seems to work, but rsync fails with "rsync: connection unexpectedly closed (0 bytes received so far) [receiver]). Shouldn't it work as long as the underlying ssh connection works? It doesn't prompt for the ssh password and using -essh doesn't change