AIX 5.x OpenSSH chroot and non-root owned
01-03-2012

Good day. I was looking at implementing a chroot environment using OpenSSH. I know I can use the sshd_config file and dictate that it is to use chroot for a specific directory for a user/group. However, the issue with this is that it has to be root-owned. To my knowledge, there is no mount --bind option in AIX.

What I am attempting to accomplish:
folder used by multiple people. They want a new user created that can sftp in and have access to a specific folder only, and NO access to the rest of the file system.

I was initially thinking of using a chroot environment, and having the user put into their own folder (owned by root of course) which would then have a mount --bind command used to have that mounted file system accessible within the jail. However, I don't believe that AIX does a bind mount.

Is there another way of accomplishing this?

One thing I tested the other day is:
install proftpd with chroot + TLS mod
Then have the user log in via FTPS (FileZilla calls it FTPES), which would chroot into the folder I specify, which apparently doesn't have to be root-owned. Then modify their default shell to something like /usr/sbin/false.

I'm just looking for the best method, hopefully without having to install additional software onto the AIX server.
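One way to check, before relying on ChrootDirectory, the ownership rule the post runs into: sshd refuses to chroot unless the target and every directory above it are root-owned and not writable by group or others. This is an added example, not code from the thread; the function name and the optional WANT_UID/STOP arguments are our own choosing.

```shell
#!/bin/sh
# Added example (not from the thread): walk from a prospective
# ChrootDirectory up to STOP (default /) and report every directory that is
# missing, not owned by WANT_UID (default 0 = root), or writable by group or
# others. These are the conditions sshd enforces before it will chroot.
#   usage: check_chroot_chain DIR [WANT_UID] [STOP]
# Returns the number of violations found (0 means the chain is acceptable).
check_chroot_chain() {
    target=$1
    want_uid=${2:-0}        # root by default
    stop=${3:-/}            # highest directory to inspect
    problems=0
    dir=$target
    while :; do
        # ls -ldn is POSIX and works on AIX; GNU stat -c would not
        if ! info=$(ls -ldn "$dir" 2>/dev/null); then
            echo "$dir: does not exist"
            problems=$((problems + 1))
            break
        fi
        set -- $info        # field 1 = mode string, field 3 = numeric uid
        mode=$1
        uid=$3
        case $mode in
            d*) ;;
            *)  echo "$dir: not a directory"; problems=$((problems + 1)) ;;
        esac
        if [ "$uid" != "$want_uid" ]; then
            echo "$dir: owned by uid $uid, expected $want_uid"
            problems=$((problems + 1))
        fi
        # characters 6 and 9 of the mode string are the group and other 'w' bits
        case $mode in
            ?????w*|????????w*)
                echo "$dir: writable by group or others"
                problems=$((problems + 1)) ;;
        esac
        [ "$dir" = "$stop" ] && break
        [ "$dir" = / ] && break
        dir=$(dirname "$dir")
    done
    return $problems
}

# Run directly as: sh check_chroot.sh /home/sftpjail   (path is hypothetical)
if [ $# -gt 0 ]; then
    check_chroot_chain "$@"
fi
```

A shared folder that must stay group-writable therefore has to sit below the chroot root as a subdirectory; the chroot root itself must pass this check.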
chroot(2)                      System Calls Manual                      chroot(2)

NAME
     chroot() - change root directory

SYNOPSIS

DESCRIPTION
     chroot() causes the named directory to become the root directory, the
     starting point for path searches for path names beginning with /. path
     points to a path name naming a directory. The user's working directory is
     unaffected by the system call. The .. entry in the root directory is
     interpreted to mean the root directory itself. Thus, .. cannot be used to
     access files outside the subtree rooted at the root directory.

   Security Restrictions
     The effective user ID of the process must be a user with the privilege to
     change the root directory. See privileges(5) for more information about
     privileged access on systems that support fine-grained privileges.

RETURN VALUE
     chroot() returns the following values:
          0   Successful completion.
         -1   Failure. errno is set to indicate the error.

ERRORS
     chroot() fails and the root directory remains unchanged if one or more of
     the following is true:
       - Any component of the path name is not a directory.
       - The named directory does not exist or a component of the path does
         not exist.
       - The effective user ID is not a user who has the privilege.
       - path points outside the allocated address space of the process. The
         reliable detection of this error is implementation dependent.
       - The length of the specified path name exceeds the system limit, or the
         length of a component of the path name exceeds the component limit
         while path-name truncation is disabled.
       - Too many symbolic links were encountered in translating the path name.

WARNINGS
   Obsolescent Interfaces
     chroot() is to be obsoleted at a future date.

SEE ALSO
     chroot(1M), chdir(2), privileges(5).

STANDARDS CONFORMANCE

TO BE OBSOLETED                                                        chroot(2)