[scponly] Re: scponly Digest, Vol 36, Issue 12
brett
brett at librum.org
Thu Dec 29 14:24:08 EST 2005
4.3 fixed OpenBSD and FreeBSD for me as well, except for one problem.
Unfortunately, the new model where the chroot dir has to be owned by
root makes scponly incompatible with qmail using local users.
Previously, you could have all the files/directories that a user
could modify (dotfiles, .ssh, etc) owned by root while still allowing
the user to own their home directory. Assuming you are conscientious
when you setup their homedir/chroot environment, there's no
difference in security that I can think of. You might want to enable
that enforcement by default, but allow it to be removed with an
argument to configure.
best,
brett
More information about the scponly
mailing list