[scponly] why does sftp (scponly?) allow me to cd into directories I shouldn't be able to?

Ensel Sharon user at dhp.com
Wed Jun 28 18:24:16 EDT 2006


In Unix file permissions, if a directory is 0700, and I am not the owner,
or a member of the group, I cannot cd into that directory.  The end.

So I am _very_ surprised to find that when an scponlyc chrooted user uses
sftp to connect to an scponly server, they can cd into others' incoming
directories, even though those incoming dirs are 0700.

Now, they can't see the contents of them, which is good (phew) but why can
they cd into them at all?  Unix permissions say that they _most
certainly cannot_.

Is this some behavior of sftp, wherein if it sees a directory, and you
tell it to cd there, it pretends that it does, or assumes that it does,
even though it cannot?

As far as file access and cd'ing even deeper into the (wrong) users'
incoming directory, it behaves the way I think it should, but why can sftp
go into the first level of others' incoming directories?



