I'm trying to create a user that can only rwx from one directory with chroot.
They are uploading files using WinSCP. I want to completely lock them to /home/user/upload (no other dirs).
Anyone have a quick list of steps? Been trying to edit sshd_config for just that user but keep running into permission issues for the directory. What should they be?
Thanks
Ben
On Thu, 2013-11-07 at 21:27 -0500, ben@acustat.org wrote:
> They are uploading files using WinSCP. I want to completely lock them to /home/user/upload (no other dirs).
I did this once, and I did it by giving the users a restricted shell, which was a Perl script that checked the arguments to be sure that they were not trying to log in interactively (scp only), and not trying to copy anywhere outside their home tree (done by checking for names beginning with "/" or ".."). I don't know if that would be good enough to block out a high-level adversary, but it worked for me.
--Greg
On 8 November 2013 02:27, ben@acustat.org wrote:
> I'm trying to create a user that can only rwx from one directory with chroot.
> They are uploading files using WinSCP. I want to completely lock them to /home/user/upload (no other dirs).
> Anyone have a quick list of steps? Been trying to edit sshd_config for just that user but keep running into permission issues for the directory. What should they be?
Is this what you're doing? http://www.techrepublic.com/blog/linux-and-open-source/chroot-users-with-ope...
On Fri, 2013-11-08 at 08:29 +0000, Ian Malone wrote:
> http://www.techrepublic.com/blog/linux-and-open-source/chroot-users-with-ope...
That looks a lot less kludgy than my "third party hack". I don't think this was available when I did it (back in my Solaris days, mid-90's or so).
--Greg
On 11/08/2013 06:02 AM, Greg Woods issued this missive:
> On Fri, 2013-11-08 at 08:29 +0000, Ian Malone wrote:
> > http://www.techrepublic.com/blog/linux-and-open-source/chroot-users-with-ope...
> That looks a lot less kludgy than my "third party hack". I don't think this was available when I did it (back in my Solaris days, mid-90's or so).
You can chroot an scp user through the standard sshd_config options "Match User" and "ChrootDirectory" (see "man sshd_config"). You can sort of think of it as an ssh/scp chroot jail like FTP. We do it all the time.
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital    ricks@alldigital.com -
- AIM/Skype: therps2        ICQ: 22643734            Yahoo: origrps2 -
-                                                                    -
-              500: Internal Fortune Cookie Error                    -
----------------------------------------------------------------------
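
Added example, not part of the thread or written by any of its posters: a pre-flight check for the directory permission problem raised in the first message, based on the sshd_config(5) rule that every component of a ChrootDirectory path must be a root-owned directory not writable by group or others. The user name "uploader", the paths, the script name and the ForceCommand line in the comments are assumptions.

```bash
#!/bin/bash
# Added example, not from the thread. sshd only accepts a ChrootDirectory when
# every component of the path is a root-owned directory that is not writable
# by group or others (see "man sshd_config"). Intended sshd_config block; the
# user name and paths are assumptions:
#
#   Match User uploader
#       ChrootDirectory /home/uploader
#       ForceCommand internal-sftp    # assumes WinSCP is set to SFTP
#
# Uploads then go to a subdirectory the user owns, e.g. /home/uploader/upload.

# component_ok UID MODE: succeed if that owner and octal mode are acceptable.
component_ok() {
    [ "$1" -eq 0 ] || return 1          # must be owned by root
    [ $(( 0$2 & 022 )) -eq 0 ]          # no group-write or other-write bit
}

# check_chroot_path DIR: check DIR and each parent up to /; 0 only if all pass.
check_chroot_path() {
    cur=$1
    rc=0
    case $cur in
        /*) ;;
        *) echo "not an absolute path: $cur" >&2; return 2 ;;
    esac
    while :; do
        if [ ! -d "$cur" ]; then
            echo "FAIL $cur: not a directory"; rc=1
        else
            set -- $(stat -L -c '%u %a' "$cur")   # GNU stat: owner uid, octal mode
            if component_ok "$1" "$2"; then
                echo "ok   $cur (uid=$1 mode=$2)"
            else
                echo "FAIL $cur (uid=$1 mode=$2): needs root owner, no g/o write"; rc=1
            fi
        fi
        [ "$cur" = "/" ] && break
        cur=$(dirname "$cur")
    done
    return $rc
}

# Usage (hypothetical script name): bash check_chroot.sh /home/uploader
if [ $# -gt 0 ]; then
    check_chroot_path "$1"
fi
```

Because the chroot directory itself cannot be writable by the user, the writable upload area has to be a subdirectory inside it, owned by that user.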