Mailinglist Archive: opensuse-security (196 mails)

Re: [suse-security] limiting sftp users to specific dir
  • From: Hugo <hg.list@xxxxxxxxx>
  • Date: Fri, 22 Oct 2004 19:17:42 +0300
  • Message-id: <6f133dde04102209176ecf8675@xxxxxxxxxxxxxx>
Hi!

On Thu, 21 Oct 2004 11:30:07 -0400, suse@xxxxxx <suse@xxxxxx> wrote:
>
> You probably want scponly w/chroot enabled. A type of shell that only
> allows sftp/scp access. chroot means that the person's home directory
> will become their root directory, so they can't get outside it.

Thanks. I thought chroot meant setting up some kind of "virtual"
server within another server. I didn't know users can be chrooted.

Again, I'm worried about how such a shell would work when the user
logs in from the console (at home)? Or do I have to set up 2 accounts
for each? That would really make a mess of the file permissions...?

> http://www.sublimation.org/scponly/

This looks interesting and much cleaner than the chrooted OpenSSH
system (which really sounds like bubblegum patching)... Is this
really something that cannot be done with OpenSSH? How do
corporations, for example, provide SCP/SFTP file sharing to their
customers? Do they use Windows or do they just trust the customers to
not go knocking around? Or do they all just apply these patches and
hope that they can keep up with updates (as YOU probably doesn't
handle this kind of stuff...)? I thought this would be the most used
configuration for SCP/SFTP and I thought I was just too blind to see some
obvious switch somewhere... sigh.

I guess Linux isn't that safe an operating system after all... one really
needs to know and be active (=spend lots of time to get the basic
stuff working) to get it safe. Or buy the stuff from SSH.

--
HG
