[scponly] RE: scponly - openssh symlinks..

wbr oblyr joe at sublimation.org
Sun Mar 30 16:57:40 EST 2003


Hello Sylvain,

If I am understanding you correctly, I think I can help with some more
information.  There are two things to note about using chroot for non-home
directory installations:

1) you can set a user's home directory to something other than /home/foo.
you can set it to be whatever you like, on whichever filesystem you want.
(you probably knew this already.)

2) in conjunction with #1, there is another feature of setting a user's
home directory, specific to scponly.  you can specify the home directory
as follows:

/bigdisk//guest/

(or whatever)

the // is a token that marks the division between the chroot dir
specification and the directory within the chroot to chdir to after login.

so, in the example scponly would:
	- chroot to /bigdisk (which contains .ssh)
	- chdir to guest, which contains the files you want to share

in this way, users can be automatically chdir'ed into a directory they can
write to.

i hope this helps,
joe


ps - thanks to Stefan Sami-Soueiha <stefan.sami at gmx.de> for his patch that
does this feature.


----

PGP KEY: http://www.sublimation.org/contact.html
PGP Key fingerprint = EC4B 0DA5 B4F6 BDDD 9176 55D6 3A6A 7D63 158F 22D2


On Fri, 28 Mar 2003, Sylvain Bolduc wrote:

> Hello,
>
> I've found out that rssh seems to be able to chroot to a different directory other than the user home directory.
> (This is configurable by using a conf file on a per-user basis)
>
> The good thing is that the public key authentication still happens first inside the user home directory. (not breaking .ssh)
>
> This is pretty nice to have, since I don't require symlinks anymore.. It's probably nicer to security...
> I've just tested it, and it seems to work fine!
>
>
> But my problem with rssh is that it's NOT supporting winscp, and breaking some scp commands !@!!
>
>
> Any idea if you could implement this "variable" chroot feature into future scponly releases ?
>
>
> Sylvain Bolduc
>
> -----Original Message-----
> From: Sylvain Bolduc
> Sent: Friday, March 28, 2003 3:57 PM
> To: 'joe at sublimation.org'
> Subject: scponly - openssh symlinks..
>
> Hello,
>
> I'm presently using your openssh "restricted shell" called scponly.
> (It's really a must for openssh ftp users...!)
>
> I'm setting up an openssh ftp server with public key authentication and some shared folders.
>
> My problem is I need to have a distinct home directory for public key auth support and to chroot the user in.
>
> If I chroot the user, I lose access to the shared folders. (even with symlinks)
>
>
> Is it possible to chroot with symlinks support ?
>
>
> Thanks.
>
> Sylvain Bolduc
>
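As an added illustration (not part of the original messages and not scponly's own code), the split described in the reply can be sketched in C: the text before the first // is the directory to chroot to, the text after it is the directory to chdir to inside the jail. The name split_home, the treatment of a home directory with no // (the whole path is taken as the jail), and every sample path other than /bigdisk//guest/ are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Split a home directory field at the first "//" token.
 * root receives the chroot directory, sub the path to chdir to as seen
 * from inside the jail. Returns 1 if the token was present, 0 if not
 * (assumption: whole path is the jail, sub is "/"), -1 on bad input. */
int split_home(const char *home, char *root, size_t rootsz,
               char *sub, size_t subsz)
{
    const char *tok, *rest;
    size_t rlen, slen;

    if (home == NULL || home[0] != '/')
        return -1;                          /* only absolute paths make sense */
    tok  = strstr(home, "//");
    rlen = tok ? (size_t)(tok - home) : strlen(home);
    rest = tok ? tok : "";
    while (*rest == '/') rest++;            /* skip the token itself */
    slen = strlen(rest);
    while (slen > 0 && rest[slen - 1] == '/') slen--;   /* trailing slashes */
    while (rlen > 1 && home[rlen - 1] == '/') rlen--;
    if (rlen == 0) rlen = 1;                /* "//x": the jail would be "/" */
    if (rlen + 1 > rootsz || slen + 2 > subsz)
        return -1;                          /* caller's buffers too small */
    memcpy(root, home, rlen);
    root[rlen] = '\0';
    sub[0] = '/';
    memcpy(sub + 1, rest, slen);
    sub[slen + 1] = '\0';
    return tok != NULL;
}

int main(void)
{
    /* Constructed sample values; only the first appears in the message. */
    const char *samples[] = { "/bigdisk//guest/", "/home/foo/", "//guest" };
    char root[256], sub[256];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = split_home(samples[i], root, sizeof root, sub, sizeof sub);
        printf("%-18s rc=%d chroot=%s chdir=%s%s\n", samples[i], rc, root, sub,
               strcmp(root, "/") == 0 ? "  (jail is /: no confinement)" : "");
    }
    return 0;
}
```

The chroot directory reported for each account is the one that has to hold .ssh for public key authentication, as in the /bigdisk example.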



