AIX 5.x OpenSSH chroot and non-root owned


 
Posted 01-03-2012

Good day. I was looking at implementing a chroot environment using openssh. I know I can use the sshd_config file and dictate that it is to use chroot for a specific directory for a user/group. However, the issue with this is that it has to be root owned. To my knowledge, there is no mount --bind option in AIX.

What I am attempting to accomplish:
A folder used by multiple people. They want a new user created that can sftp in and have access to a specific folder only, and NO access to the rest of the file system.

I was initially thinking of using a chroot environment, and have the user put into their own folder (owned by root of course) which would then have a mount --bind command used to have that mounted file system accessible within the jail. However, I don't believe that AIX does a bind mount.

Is there another way of accomplishing this?

One thing I tested the other day is:
Install proftpd with chroot + TLS mod.
Then have the user log in via ftps (filezilla is ftpes) which would changeroot into the folder I specify, which apparently doesn't have to be root owned. Then modify their default shell to something like /usr/sbin/false.

I'm just looking for the best method, hopefully without having to install additional software onto the AIX server.
chroot(2)                    System Calls Manual                    chroot(2)

NAME
       chroot - Changes the effective root directory

SYNOPSIS
       #include <unistd.h>

       int chroot(const char *path);

STANDARDS
       Interfaces documented on this reference page conform to industry
       standards as follows:

       chroot(): XPG4, XPG4-UNIX

       Refer to the standards(5) reference page for more information about
       industry standards and associated tags.

PARAMETERS
       Points to the new effective root directory. If the path parameter
       refers to a symbolic link, the chroot() function sets the effective
       root directory to the directory pointed to by the symbolic link.

DESCRIPTION
       The chroot() function causes the directory named by the path
       parameter to become the effective root directory. The effective root
       directory is the starting point when searching for a file's pathname
       that begins with a / (slash). The current working directory is not
       affected by the chroot() function.

       The calling process must have superuser privilege in order to change
       the effective root directory. The calling process must also have
       search access to the new effective root directory.

       The .. (dot-dot) entry in the effective root directory is interpreted
       to mean the effective root directory itself. Thus, .. (dot-dot)
       cannot be used to access files outside the subtree rooted at the
       effective root directory.

RETURN VALUES
       Upon successful completion, a value of 0 (zero) is returned. If the
       chroot() function fails, a value of -1 is returned and errno is set
       to indicate the error.

ERRORS
       If the chroot() function fails, the effective root directory remains
       unchanged and errno may be set to one of the following values:

       Search permission is denied for any component of the pathname.

       The path parameter points outside the process' allocated address
       space.

       An I/O error occurred while reading from or writing to the file
       system.

       More than MAXSYMLINKS symbolic links are encountered while resolving
       path.

       The length of the path argument exceeds PATH_MAX or a pathname
       component is longer than NAME_MAX.

       The path parameter does not exist or points to an empty string.

       A component of path is not a directory.

       The process does not have appropriate privilege.

RELATED INFORMATION
       Functions: chdir(2)

       Commands: cd(1)

       Standards: standards(5)