[scponly] Limiting to home directory without chroot?
scponly-7264 at tagged.lorens.org
Fri Sep 30 13:21:28 EDT 2005
On Fri, Sep 30, 2005 at 09:44:13AM -0700, Kaleb Pederson wrote:
> On Friday 30 September 2005 7:38 am, scponly-7264 at tagged.lorens.org wrote:
> > I want to set up secure communications for an existing FTP
> > server. I thought I'd use scponly. The only way to limit a user
> > to his home directory seems to be by chrooting the user. Is this
> > correct? Why?
>
> Although this is the only *sure* way, there are others depending on what your
> goals are. For example, you can set it up so that the user can get to his
> home directory, but not list other people's home directories (and, of course,
> permissions should prevent him from getting to other persons' directories).
> You could set it up using a sftp-patch (I think there is one out there) that
> prevents the user from CD'ing into different directories, but if you have
> enabled scp access, that isn't sufficient.
>
> > I don't feel like setting up chroot environments for some 10000
> > users, and the "set up a single chroot and hang all users off
> > it" won't work for me (home dirs have to be accessible by
> > others, but not coming through ftp/sftp/scp).
>
> Can you explain why it won't work for you? It works for many of us, so unless
> there are special conditions that you need to meet, it will probably work.

It's a web server, and the accounts are used as web sites. Apache runs
as its own user and thus needs o+rX to read pages, but one student shouldn't
be able to read another's PHP. Putting all files into the apache group,
but not the users, would solve that problem, but then I have to find a
way to make sure that files have the correct group on upload.
Maybe change everything and make apache run as each user, haven't
thought about it, but it seems a much greater change than just adding
"secure upload your files".

> Scponly isn't a server, it's a pseudo-shell. All it does is [optionally]
> chroot the users to a directory and place them in a directory where they have
> access. Depending on permissions and configure options, it then allows them
> to execute only limited commands, possibly only sftp.
>
> Scponly doesn't do the forbidding, sftp or the other command must do the
> forbidding. In certain cases, sftp might not allow them to execute the cd
> command at all (for example, if only sftp access is allowed).

Limiting scponly users to sftp only is definitely an option. So
I should look at tweaking the sftp subsystem? It's not cd itself
that I want to forbid, just cd above home dir. If sftp can do
that, then perfect.

> There is FTP over SSL which several unix clients/servers support, as well as
> some commercial windows ones. Google is your friend.
Yes :-) I'd like it to work with as many windows clients as
possible, but as it's just setting up I'm not afraid of calls
saying "it worked with XXXXXXX before!!!!!" :-)
Thanks!
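
An added example, not part of the original message or of scponly: a Python audit for the layout the message describes, where files belong to the web server's group and "other" has no access. The setgid-directory check is an assumption added here (on Linux, a setgid directory makes new files inherit its group, one common way to get the correct group on upload); `check_entry` and `audit_home` are hypothetical names.

```python
import os
import stat

def check_entry(path, web_gid):
    """Return the list of problems for one file or directory."""
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        return []  # symlinks are skipped, not followed
    problems = []
    if st.st_mode & stat.S_IRWXO:
        problems.append("other-access")      # another local user can read or traverse it
    if st.st_gid != web_gid:
        problems.append("wrong-group")       # the web server gets no access via group bits
    elif not st.st_mode & stat.S_IRGRP:
        problems.append("group-unreadable")  # right group, but the web server cannot read
    if stat.S_ISDIR(st.st_mode) and not st.st_mode & stat.S_ISGID:
        problems.append("no-setgid")         # uploads here would not inherit the group
    return problems

def audit_home(home, web_gid):
    """Walk one home directory; return sorted (relative_path, problem) pairs."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(home):
        # Check the directory itself (None) and then every file in it.
        for name in [None] + filenames:
            path = dirpath if name is None else os.path.join(dirpath, name)
            rel = os.path.relpath(path, home)
            findings += [(rel, p) for p in check_entry(path, web_gid)]
    return sorted(findings)

if __name__ == "__main__":
    import tempfile
    # Constructed sample: a home directory holding one world-readable PHP file.
    with tempfile.TemporaryDirectory() as home:
        os.chmod(home, 0o2750)
        page = os.path.join(home, "index.php")
        open(page, "w").close()
        os.chmod(page, 0o644)
        # The directory's own group stands in for the web server's group here.
        for rel, problem in audit_home(home, os.stat(home).st_gid):
            print(f"{problem:17} {rel}")
```

On a real system, pass the numeric GID of the group the web server runs in as `web_gid`.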