[scponly] Need help with chrooted scponly 4.6 on centos 5
Kaleb Pederson
kibab at icehouse.net
Sat Sep 15 23:42:21 EDT 2007
It depends on your needs. If there is only one person using the incoming
folder, then you should secure it so that only that user has permissions to
access it.
When you specify the home directory for the user, scponly looks for a '//' to
decide where to chroot. If one isn't present it uses the whole directory as
the chroot directory, and then uses the optional CHDIR directory
(typically /incoming) to change directory to.
A couple example home directories:
/home/userguy - chroots to /home/userguy, uses / as default directory for the
user unless a CHDIR directory is specified.
/home/userguy//home/thedir - chroots to /home/userguy and then
uses /home/thedir as the user's home directory.
Ideally, every user will have his own chroot, so other users will never be able
to access any of his files, even if they have poor permissions on them.
I hope that helps.
--Kaleb
On Saturday 15 September 2007, Security Team wrote:
> What are the permissions supposed to be on the incoming folder?
>
> drwxrwxrwx 2 root root 4096 Sep 15 12:02 incoming
>
> I set them to this and then I could start transferring files, but this
> seems a little open.
>
> Thanks,
> Chris
>
> On 9/15/07 3:48 PM, "Kaleb Pederson" <kibab at icehouse.net> wrote:
> > Glad it works!
> >
> > --Kaleb
> >
> > On Saturday 15 September 2007, Security Team wrote:
> >> OK I did this:
> >>
> >> chmod 777 dev/null
> >>
> >> In the chroot jail and now it logs in. Brutal!
> >>
> >> Thanks,
> >> Chris
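
The '//' rule described in the reply above, as an added example that is not part of the original message and not scponly's own code: it splits each home directory at '//' the way the message describes, lists which accounts end up in which chroot, and flags chroots shared by several accounts. The passwd lines, user names, shell path and the assumption that CHDIR only applies when no '//' is present are constructed for illustration.

```python
import stat
from collections import defaultdict

# Constructed passwd(5) lines; users, paths and the shell path are made up.
SAMPLE_PASSWD = """\
userguy:x:501:501::/home/userguy:/usr/sbin/scponlyc
other:x:502:502::/home/jail//home/other:/usr/sbin/scponlyc
third:x:503:503::/home/jail//home/third:/usr/sbin/scponlyc
admin:x:500:500::/home/admin:/bin/bash
"""

def split_home(home, chdir=None):
    """Return (chroot_dir, start_dir_inside_chroot) per the rule in the message."""
    chroot, sep, rest = home.partition("//")
    if not sep:
        # No '//': the whole home directory is the chroot; CHDIR is optional.
        return home.rstrip("/") or "/", chdir or "/"
    # With '//': left side is the chroot, right side is the home inside it.
    return chroot or "/", "/" + rest.strip("/")

def chroot_map(passwd_text, shell_suffix="scponlyc", chdir=None):
    """Map chroot dir -> [(user, start_dir)] for accounts using the chrooted shell."""
    jails = defaultdict(list)
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7 or not fields[6].endswith(shell_suffix):
            continue  # malformed line or not a chrooted scponly account
        chroot, start = split_home(fields[5], chdir)
        jails[chroot].append((fields[0], start))
    return dict(jails)

def shared_jails(jails):
    """Chroots used by more than one account, where file modes are the only barrier."""
    return {d: [u for u, _ in users] for d, users in jails.items() if len(users) > 1}

def world_writable(mode):
    """True when 'other' has write permission, as in the drwxrwxrwx listing."""
    return bool(mode & stat.S_IWOTH)

if __name__ == "__main__":
    jails = chroot_map(SAMPLE_PASSWD, chdir="/incoming")
    for directory, users in jails.items():
        print(directory, users)
    print("shared chroots:", shared_jails(jails))
    print("mode 0777 world-writable:", world_writable(0o777))
```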