[scponly] Need help with chrooted scponly 4.6 on centos 5
Security Team
security at peakpeak.com
Mon Sep 17 17:25:52 EDT 2007
On 9/15/07 9:42 PM, "Kaleb Pederson" <kibab at icehouse.net> wrote:
> It depends on your needs. If there is only one person using the incoming
> folder, then you should secure it so that only that user has permissions to
> access it.
>
> When you specify the home directory for the user, scponly looks for a '//' to
> decide where to chroot. If one isn't present it uses the whole directory as
> the chroot directory, and then uses the optional CHDIR directory
> (typically /incoming) to change directory to.
>
> A couple example home directories:
>
> /home/userguy - chroots to /home/userguy, uses / as default directory for the
> user unless a CHDIR directory is specified.
> /home/userguy//home/thedir - chroots to /home/userguy and then
> uses /home/thedir as the user's home directory.
This is a pretty useful feature. I wasn't able to get it to work though. I
tried:
/home/userguy//home/userguy/incoming
This is with the idea that I'd chroot them to their home dir, but then plop
them into the incoming dir when they logged in.
Chris
>
> Ideally, every user will have his own chroot, so other users will never be able
> to access any of his files, even if they have poor permissions on them.
>
> I hope that helps.
>
> --Kaleb
>
>
> On Saturday 15 September 2007, Security Team wrote:
>> What are the permissions supposed to be on the incoming folder?
>>
>> drwxrwxrwx 2 root root 4096 Sep 15 12:02 incoming
>>
>> I set them to this and then I could start transferring files, but this
>> seems a little open.
>>
>> Thanks,
>> Chris
>>
>> On 9/15/07 3:48 PM, "Kaleb Pederson" <kibab at icehouse.net> wrote:
>>> Glad it works!
>>>
>>> --Kaleb
>>>
>>> On Saturday 15 September 2007, Security Team wrote:
>>>> OK I did this:
>>>>
>>>> chmod 777 dev/null
>>>>
>>>> In the chroot jail and now it logs in. Brutal!
>>>>
>>>> Thanks,
>>>> Chris
>
>
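
Added example, not part of the thread and not scponly's own code: a small Python model of the '//' rule described above, showing for each home directory string which directory is the chroot, which path the user lands in inside the jail, and where that path sits on the host filesystem. The passwd lines, the user names other than userguy, and the shell path are constructed for illustration, and the handling of CHDIR only when no '//' is present is an assumption taken from the description in the thread.

```python
import posixpath

# Constructed passwd lines (not from the thread); the shell path is an assumption.
SAMPLE_PASSWD = """\
userguy:x:501:501::/home/userguy:/usr/sbin/scponlyc
other:x:502:502::/home/userguy//home/thedir:/usr/sbin/scponlyc
chris:x:503:503::/home/userguy//home/userguy/incoming:/usr/sbin/scponlyc
"""


def split_scponly_home(home, chdir=None):
    """Return (chroot_dir, dir_inside_jail, same_dir_on_host) for a home field.

    Models the rule described in the thread: text before the first '//' is
    the chroot directory, text after it is the directory used inside the jail.
    Without '//' the whole field is the chroot and the optional CHDIR applies.
    """
    if not home.startswith("/") or home.startswith("//"):
        raise ValueError("home must be an absolute path with a chroot part")
    marker = home.find("//")
    if marker == -1:
        chroot_dir, inside = home, (chdir or "/")
    else:
        chroot_dir, inside = home[:marker], home[marker + 1:]
    chroot_dir = posixpath.normpath(chroot_dir)
    # lstrip avoids a leading '//' that normpath would otherwise preserve.
    inside = posixpath.normpath("/" + inside.lstrip("/"))
    # After chroot(), 'inside' is resolved relative to the new root.
    on_host = posixpath.normpath(chroot_dir + inside)
    return chroot_dir, inside, on_host


def resolve_passwd(text, chdir=None):
    """Map each user in passwd-format text to its resolved directories."""
    resolved = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) != 7:
            continue  # skip malformed lines
        resolved[fields[0]] = split_scponly_home(fields[5], chdir)
    return resolved


if __name__ == "__main__":
    for user, (jail, inside, host) in resolve_passwd(SAMPLE_PASSWD, "/incoming").items():
        print(f"{user}: chroot={jail} in-jail dir={inside} host path={host}")
```

The path after '//' is looked up inside the jail, so the directory reported as the host path has to exist under the chroot directory.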