Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: openssh and chroot.
Operating Systems Solaris openssh and chroot. Post 302367828 by vettec3 on Tuesday 3rd of November 2009 02:54:21 PM
Old 11-03-2009
openssh and chroot.
Hi all. I have installed openssh 5.3 and set up jailed root.

It works almost as I want it to I cant cd to any directory above my ch root.

my config :
entry in passwd:
Code:
test2:x:103:113::/users2/test2:/bin/false

sshd_conf:
Code:
Match User test2
ChrootDirectory /users2/%u
#       X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

directories:
/users2 owner root:root 755
/users2/test2 owner root:root 755
/users/test2/ftpfiles owner test2:mygroup 755

When I do sftp test2@testhost I enter in /users2/test2 but there I cant write so I have to cd into ftpfiles
Is this the expected behavior? ? I expected to enter directly to a directory where I could write preferably, /users2/test2.

Should I use other options to ChrootDirectory?

Thanks in advance.

/Jan
Last edited by pludi; 11-03-2009 at 05:22 PM.. Reason: code tags, please...
 

10 More Discussions You Might Find Interesting

1. Linux

chroot?

If i were to create a new user for my ftp would chroot be the proper command to set there root directory as the file i've put all my FTP stuff in? Also would that jail them, or would they beable to get out of the set directory? (0 Replies)
Discussion started by: byblyk
0 Replies

2. AIX

chroot environment

Hi!! I'm currently running AIX 4.3.3 and i'm trying to setup a chroot environment for the users who use SFTP, i spend a lot time SFTW but i can't make it work. I got openssh3.9p1 whit the chroot patch. Any help is greatly appreciated. (0 Replies)
Discussion started by: samurai79
0 Replies

3. UNIX for Advanced & Expert Users

CHRoot Problem

HI , I am trying to setup chrooted environment on RHEL4, for squid proxy. I have copied the required libraries and stuff for chroot. Used the below for chroot-shell . user is squid # grep squid /etc/passwd squid:x:500:501::/opt/squid:/bin/chroot-shell directory trying to jail is... (2 Replies)
Discussion started by: Crazy_murli
2 Replies

4. UNIX for Dummies Questions & Answers

How to start a chroot jail?

I was reading an article on how it is very important to setup a chroot jail to run bind. I can follow what the article says but one thing I am unclear about is now on system boot the BIND process in the chroot jail will start since it the owner will no longer be root but some other user. Can... (1 Reply)
Discussion started by: mojoman
1 Replies

5. UNIX for Advanced & Expert Users

chroot openssh access www folder

here is the setup<br/> sshd_config: <pre> Match User sftp ChrootDirectory /chroot/sftp </pre> I connect just fine to the folder <pre>/chroot/sftp</pre> However I cannot access the website developer folder due to it being outside the scope of the defined chrootdirectory... (2 Replies)
Discussion started by: dunpealslyr
2 Replies

6. AIX

OpenSSH built in chroot facility

Hi all, I'm trying to set up a chroot sftp using OpenSSH. But I'm still having problems. I'm using AIX 5.3 My system and OpenSSH version as follows host1:/>oslevel 5.3.0.0 host1:/>oslevel -r 5300-10 host1:/>ssh -V OpenSSH_5.0p1, OpenSSL 0.9.8h 28 May 2008 host1:/>lslpp -l | grep open... (2 Replies)
Discussion started by: h@foorsa.biz
2 Replies

7. AIX

openssh chroot facility and directory access

Good day. I currently have a request to have sftp access to a specific directory for a user(s). They can have access to that folder only, and nothing below it. Now here is the gotcha that seems to be catching me. The folder they need access to is NOT owned by root, and most of the parent... (0 Replies)
Discussion started by: smurphy_it
0 Replies

8. Solaris

chroot Issues on Solaris

Hello Friends, I am trying the chroot command on a Solaris box (SunOS sx07 5.10 Generic_144489-12 i86pc i386 i86pc) but i am getting an error message chroot: exec failed: Exec format error Did any of you folks got this error before .. and how did you guys fix it .. please help me... (2 Replies)
Discussion started by: sudharma
2 Replies

9. Solaris

BIND in chroot

Hi all, I'm trying to start named in chroot environment manually but i'm getting the following error bash-3.00# cat /etc/release Solaris 10 6/06 s10s_u2wos_09a SPARC Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Use is... (1 Reply)
Discussion started by: h@foorsa.biz
1 Replies

10. UNIX for Dummies Questions & Answers

[Solved] Not able to do a chroot.

Hi all, I have two doms on my machine. I boot my machine from an rfs in one dom1 and mount the other rfs in the other dom2 at /media. Now I wanted to restrict access of users on dom2 to only their home directories. I do not want them to access any other directories on dom1 or dom2. So I mounted... (2 Replies)
Discussion started by: sai2krishna
2 Replies

LEARN ABOUT DEBIAN

schleuder-newlist

SCHLEUDER-NEWLIST(8)													      SCHLEUDER-NEWLIST(8)

NAME

       schleuder-newlist - create new Schleuder mailing list

SYNOPSIS

       schleuder-newlist [-c baseconfig] newlist@example.net
			 [-realname "Foo List"]
			 [-adminaddress listadmin@example.net]
			 [-initmember member1@example.net
			  -initmemberkey path-to-initmember-publickey]
			 [-privatekeyfile path-to-privatekey
			  -publickeyfile path-to-publickey
			  -passphrase "key passphrase"]
			 [-mailuser schleuder]
			 [-nointeractive]

DESCRIPTION

       schleuder-newlist automates the creation of new Schleuder mailing lists. For more information on Schleuder, please look at schleuder(8).

       schleuder-newlist  does various input validation, and can generate a key or import one. It will give you as well an easy interface to build
       new lists in a scripted manner.

       It also supports an interactive mode, with which the user will be prompted for missing mandatory options. The interactive mode can be  dis-
       abled, using the -nointercative flag; it is automatically disabled if the script isn't run within a valid tty.

       If no -privatekeyfile, -publickeyfile and -passphrase are provided, the list will create a new keypair with a random password. The type and
       length of the generated keypair is specified in /etc/schleuder/schleuder.conf.

OPTIONS

       -c path-to-schleuder-configuration:

	      Specify an alternate configuration directory than the default /etc/schleuder.

       -realname "Foo List"
	      Specify the name of the mailing list.

       -adminaddress listadmin@example.net
	      Specify the email address of a list administrator. This address will be notified of errors, and depending on configuration may  also
	      be allowed to send restricted email commands.

       -initmember member1@example.net
	      Specify  the  first subscribed list member address. Can be the same as the administrator address. This option must be accompanied by
	      -initmemberkey.

       -initmemberkey path-to-initmember-publickey
	      Specify the path to first subscribed list member public key. -initmember must also be specified.

       -privatekeyfile path-to-privatekey
	      Specify the path to a previously-generated private key for  the  list.  This  option  must  be  accompanied  by  -publickeyfile  and
	      -passphrase.

       -publickeyfile path-to-publickey
	      Specify  the  path  to  a  previously-generated  public  key  for  the  list. This option must be accompanied by -privatekeyfile and
	      -passphrase.

       -passphrase "key passphrase"
	      Specify the passphrase needed to access the private key specified in -privatekeyfile. This option must be accompanied by -publickey-
	      file as well.

       -mailuser schleuder
	      Specify the system user account under which schleuder(8) will be executed (when run as root, this defaults to schleuder).

       -nointeractive
	      When specified, no questions will be asked to complete missing information.

EXAMPLES

       This creates a new list called test1 with the initial member foo@bar.ch. A new keypair will be generated for the list.

	     schleuder-newlist foobar@example.org 
		 -realname "bal jak" 
		 -adminaddress admin@example.org 
		 -initmember foo@example.com -initmemberkey /tmp/foo.pub

       The list test2 will be created, a keypair from the following files with the passphrase test will be imported.

	     schleuder-newlist test2@example.com 
		 -realname "bal jak" 
		 -adminaddress foobar@example.org 
		 -privatekeyfile ~/tmp/test2.priv 
		 -publickeyfile /tmp/test2.pub 
		 -passphrase test

FILES

       /etc/schleuder/schleuder.conf
	      global Schleuder configuration

       /etc/schleuder/default-list.conf
	      default list settings

       /var/schleuderlists/HOSTNAME/LISTNAME
	      list internal data

       /var/schleuderlists/HOSTNAME/LISTNAME/list.conf
	      list settings

       /var/schleuderlists/HOSTNAME/LISTNAME/members.conf
	      list susbcribers

       All configuration files are formatted as YAML. See http://www.yaml.org/ for more details.

BUGS

       Known bugs are listed on the Schleuder website.

SEE ALSO

       schleuder(8), aliases(5), gnupg(7).

       Schleuder website
	      http://schleuder.nadir.org/

       YAML website
	      http://www.yaml.org/

								     June 2012						      SCHLEUDER-NEWLIST(8)
All times are GMT -4. The time now is 04:09 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy