[scponly] chroot functionality ...
Kaleb Pederson
kpederson at mail.ewu.edu
Fri Mar 18 16:17:08 EST 2005
Ok. We currently have hundreds of users. Using scponly as delivered,
currently my only option is to setup a chroot per user. If, for example, the
required chroot is 18 megs (it is on one of my systems), this results in
gigabytes of storage space.
In our case, we need to protect users from the system, more than we do from
themselves, so I patched scponly so that it chroots to a fixed directory for
each user.
For example, usera has /home/usera as a home directory. When usera sftp's in,
scponly chroots to /path/to/chroot, and then cd's to /home/usera. Thus, I
can have many users all within the same chroot and without the fixed overhead
of 18 megs per user.
What does everyone think? Does this seem reasonable? Are other people
interested in this functionality?
I have attached a small patch that does this. A couple of things would need
to happen before this would work for everybody. The #define CHROOT_FIXED_DIR
would need to be set dynamically based on input to configure, and configure
would need to have an option to enable the fixed chroot dir. I believe this
should be mutually exclusive to the ENABLE_DEFAULT_CHDIR option.
Other than that.... it works for me (and hopefully I didn't really mess
something up ;).
Thanks.
--Kaleb
-------------- next part --------------
A non-text attachment was scrubbed...
Name: chroot.patch
Type: text/x-diff
Size: 2079 bytes
Desc: not available
Url : https://lists.ccs.neu.edu/pipermail/scponly/attachments/20050318/f017c71a/chroot.bin
More information about the scponly
mailing list