SFTP & Chroot

Dominick Grift dominick.grift at gmail.com
Fri Nov 15 11:44:08 UTC 2013


On Fri, 2013-11-15 at 07:10 -0400, Jorge Fábregas wrote:
> On 11/14/2013 05:52 PM, Miroslav Grepl wrote:
> > What raw AVC msgs are you getting?
> > 
> > What OS?
> 
> Hi,
> 
> As soon as I enter the password I get this in /var/log/secure:
> 
> Nov 15 06:57:34 sftphd sshd[11179]: fatal: safely_chroot:
> stat("/var/ftp/"): Permission denied
> 
> The home directory for the user is /var/ftp/pub (that's where it gets
> jailed in) and it is public_content_t as well.

It says that it's not allowed to stat /var/ftp:

ls -dZ /var/ftp

But as an aside, if you want to chroot users to a non user home dir then
you might want to add that dir to the exclude dirs in semanage.conf
because else you might get into issues when policy is rebuilt and you
run restorecon on that location

because genhomedircon would treat that dir as a user home dir and add fc
specs for it

I think the ssh chroot functionality is BS

I created a screencast and put it on YouTube in which I demonstrate how
to use SELinux to confine users with a need for chroots:

https://www.youtube.com/watch?v=3QYqA19dqbk
