Visit Our UNIX and Linux User Community


AIX 5.x OpenSSH choot and non-root owned


 
Thread Tools Search this Thread
Operating Systems AIX AIX 5.x OpenSSH choot and non-root owned
# 1  
Old 01-03-2012
AIX 5.x OpenSSH choot and non-root owned

Good day. I was looking at implementing a chroot environment using openssh. I know I can use the sshd_config file and dictate that it is to use chroot for a specific directory for a user/group. However, the issue with this is that it is has to be root owned. To my knowledge, there is no mount --bind option in AIX.

What I am attempting to accomplish:
folder used by multiple people. They want a new user created that can sftp in and have access to a specific folder only, and NO access to the rest of the file system.

I was initially thinking on using a chroot environment, and have the user put into their own folder (owned by root of course) which would then have a mount --bind command used to have that mounted file system accessible within the jail. However, I don't believe that AIX does a bind mount.

Is there another way of accomplishing this ?

One thing I tested the other day is:
install proftpd with chroot + TLS mod
Then have user login via ftps (filezilla is ftpes) which would changeroot into the folder I specify, which apparently doesn't have to be root owned. Then modify their default shell to something like /usr/sbin/false.

I'm just looking for the best method, hopefully without having to install additional software onto the AIX server.

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Ubuntu

Create zip file from root owned fstab

I want to zip up my fstab file for backup purposes. This does not work because of permission issues. cd /etc/ zip -u fstab.zip fstab Can I use this with zip? echo xxx | sudo -S or change fstab owner to me? (3 Replies)
Discussion started by: drew77
3 Replies

2. UNIX for Dummies Questions & Answers

Read authorization for everybody on sub-directory owned by root

Hello. On my family laptop, I have a directory named /local. It is owned by root. I want to create a sub-directory named documents ( /local/documents ). I want to exclude exec for every body in that directory I want every authenticated linux user can create a sub directory ( ie :... (7 Replies)
Discussion started by: jcdole
7 Replies

3. AIX

find command to list all the 777 files and directories owned by root user

Hi I'm logged in to an AIX box now and we need to do an audit on this box. cbssapr01:# pwd / Which command will show all the files and directories owned by root user with permissions as 777 ? (8 Replies)
Discussion started by: newtoaixos
8 Replies

4. UNIX for Dummies Questions & Answers

user able to delete directory owned by root

I've tried to figure this out. I'm only about 6 mos into my AIX admin duties, but I've got a "security" problem I can't figure out. I've created a sub directory as follows: drwx------ 2 root system 256 Apr 13 16:02 mike I've logged in another session with the following user: $ id... (2 Replies)
Discussion started by: mpheine
2 Replies

5. UNIX for Dummies Questions & Answers

How to find root owned world writable files?

Being a system administrator i came across a statement as " Excluding temporary directories /tmp and /var/tmp, no root owned files should be in world writable directories" While the above statement may look straight forward but how would i check if there are any such directories in the... (7 Replies)
Discussion started by: pinga123
7 Replies

6. AIX

Help me install Backup Exec (formerlly owned by Veritas) agent on AIX machine :(

Hi all. I hope someone could give me a hand on installing Backup Exec agent on AIX machine :( Agent: OS: AIX 5.3 Hostname: DB-HN-SRV02 IP: 10.1.4.64 Backup server: OS: Windows Server 2003 Hostname: backup-srv IP: 10.1.5.51 I download "Legacy Unix agent.tar", untar, then run file... (0 Replies)
Discussion started by: bsddaemon
0 Replies

7. AIX

AIX 6.1 and OpenSSH

Hi, First of all, I wanted to try AIX and purchased a rs6000 from ebay with AIX6.1 installed. My plan is to lear AIX, but I need to install ssh on the machine for the remote access. The point is that I have seen nowhere a how'to or something. Can you please give me some advices? ... (11 Replies)
Discussion started by: aixn00b
11 Replies

8. AIX

openssh 5.0 with aix 5.3

Hi All, I upgraded my openssh to 5.0. Now I need to modify the sshd_config file to my company's new policy. My problem? There are two config file on my system: /usr/local/etc/sshd_config and /etc/ssh/sshd_config Which should I edit? Please help. Thanks. (1 Reply)
Discussion started by: itik
1 Replies

9. Solaris

sshd (openssh) on SunOS without root privileges

Hi, I've just managed to install openssh in my home directory on a server I have access to by using --prefix=$HOME/local after ./configure. Another thing I was having trouble with without root access was privilege separation, so I disabled that in my sshd_config. However, when I run... (10 Replies)
Discussion started by: sayeo
10 Replies

10. Shell Programming and Scripting

Perl CGI to access / edit "root" owned config files

I am trying to write a CGI program which accesses UNIX configuration files and changes them as required. The thing is, I don't want the CGI program to be "root" owned - it's Perl based! Is there any way that the Perl CGI program can request a username and password - and then use this to... (1 Reply)
Discussion started by: WIntellect
1 Replies
CHROOT(8)						    BSD System Manager's Manual 						 CHROOT(8)

NAME
chroot -- change root directory SYNOPSIS
chroot [-u -user] [-g -group] [-G -group,group,...] newroot [command] DESCRIPTION
The chroot utility changes its current and root directories to the supplied directory newroot and then exec's command, if supplied, or an interactive copy of the user's login shell. If the -u, -g or -G options are given, the user, group and group list of the process are set to these values after the chroot has taken place. See setgid(2), setgroups(2), setuid(2), getgrnam(3) and getpwnam(3). Note, command or the shell are run as your real-user-id. ENVIRONMENT
The following environment variable is referenced by : SHELL If set, the string specified by SHELL is interpreted as the name of the shell to exec. If the variable SHELL is not set, /bin/sh is used. SEE ALSO
chdir(2), chroot(2), environ(7), jail(8) HISTORY
The chroot utility first appeared in 4.4BSD. SECURITY CONSIDERATIONS
chroot should never be installed setuid root, as it would then be possible to exploit the program to gain root privileges. BSD
January 24, 2002 BSD

Featured Tech Videos