#1
7th May 2009, 22:04
danieljdoughty

Writable SFTP Chroot Jail?

I've been going round and round with this for a few days. If I use the openssh chroot jail that most people have HOWTOs for then everything is fast and straightforward on Ubuntu 9.x+ but then the user is unable to use the put command to write files. I thought I was alone in this until I ran into others online who'd had the same problem. I'm referring to this form of SFTP chroot jails: http://www.howtoforge.com/chrooted-s...l-debian-lenny

I also have set up a server with RHEL5 and rssh which will give me a writable SFTP only configuration, but it's certainly not a jail as the user can cd all over the filesystem. And it's not like I can set / to 750 or something along those lines. Not to mention, clients get a little miffed when they realize that others can see their filenames and timestamps. In this case, I'm referring to a server set up along these lines: http://cybervault.blogspot.com/2008/...-sftp-and.html

I am not restricted by what version of OS I run beyond the fact that it needs to be able to live on VMware. And I really am pretty agnostic to approaches to this, especially now that I've wasted a full 30 hours on the project with really nothing to show for it. Basically, this is an ISP sort of configuration. I will have multiple users SFTPing and possibly SCPing (not necessary, but would be nice) and they need to be jailed to the home directory. By jailed, I mean that the user's sftp request would land them in /ftphome/bob and they cannot cd to /ftphome or to /, etc. And I need to have it answer on the default port of 22.

Perhaps I'm missing something very simple, but the more I talk to people I've worked with for years I'm coming to realize that most people just use these configurations and don't really set them up. Heck, I even tried loading FreeNAS (a tiny Linux distro that's not really meant for this sort of thing, but I was willing to try anything).

Thanks for the advice ahead of time. This is my first post here, but I've used a few of the HOWTOs in the past.
#2
8th May 2009, 15:38
falko

Quote:
Originally Posted by danieljdoughty
I've been going round and round with this for a few days. If I use the openssh chroot jail that most people have HOWTOs for then everything is fast and straightforward on Ubuntu 9.x+ but then the user is unable to use the put command to write files. I thought I was alone in this until I ran into others online who'd had the same problem. I'm referring to this form of SFTP chroot jails: http://www.howtoforge.com/chrooted-s...l-debian-lenny

When I tried the tutorial on Debian Lenny, users could upload files just fine. Maybe it's a problem with AppArmor - did you disable it?
#3
8th May 2009, 15:56
danieljdoughty

I used the Debian instructions on Ubuntu and wasn't aware of AppArmor. It appears that AppArmor is similar to SELinux on RHEL. Did you use the howto on Debian or on Ubuntu? And how did you disable AppArmor?

I think I destroyed the Ubuntu VMware box I created, but I can always build another one.
#4
9th May 2009, 13:12
danieljdoughty

Everette,

Your description of scponly is exactly how rssh works but unfortunately rssh doesn't prevent people from moving around the filesystem. Do you have a known build doc/HOWTO that implements scponly in a manner that actually jails the user?

Thanks,
Dan

Last edited by danieljdoughty; 9th May 2009 at 13:12. Reason: add clarity
#5
6th September 2009, 02:27
trcinc1

Quote:
Originally Posted by danieljdoughty
I've been going round and round with this for a few days. If I use the openssh chroot jail that most people have HOWTOs for then everything is fast and straightforward on Ubuntu 9.x+ but then the user is unable to use the put command to write files. I thought I was alone in this until I ran into others online who'd had the same problem. I'm referring to this form of SFTP chroot jails: http://www.howtoforge.com/chrooted-s...l-debian-lenny

I had the same issue - I could not upload to /home. If I changed the owner/group or permissions, I could not log in via FileZilla or CLI. My solution was: Made a dir under /home -- /home/upload - gave rw to user and all is fine.
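Added example, not part of any post in this thread: sshd_config(5) states that sshd checks at session startup that every component of the ChrootDirectory path is a root-owned directory not writable by any other user or group, which is why the jail root itself cannot be writable and why a user-owned subdirectory (the last post's /home/upload layout) works. The script below audits such a layout; the function names are hypothetical, and the owner uid is a parameter only so the checks can be exercised without root.

```shell
#!/bin/sh
# Added example. sshd only accepts a ChrootDirectory when every path component
# is a root-owned directory that is not writable by group or others.

# dir_is_safe DIR [OWNER_UID]: owner matches (default 0), no group/other write bit.
dir_is_safe() {
    dir=$1 want_uid=${2:-0}
    [ -d "$dir" ] || return 1
    # ls -n prints numeric ids: field 1 is the mode string, field 3 the owner uid.
    set -- $(ls -ldn -- "$dir")
    [ "$3" = "$want_uid" ] || return 1
    case $1 in
        ?????w*|????????w*) return 1 ;;  # group-writable or world-writable
    esac
    return 0
}

# chroot_path_is_safe JAIL [OWNER_UID]: check JAIL and each parent up to /,
# reporting the first component sshd would reject.
chroot_path_is_safe() {
    p=$(cd "$1" 2>/dev/null && pwd -P) || return 1
    while :; do
        dir_is_safe "$p" "${2:-0}" || { echo "unsafe component: $p" >&2; return 1; }
        [ "$p" = / ] && return 0
        p=$(dirname "$p")
    done
}

# user_subdir_ok JAIL SUBDIR USER_UID: the writable area lives one level below
# the jail and is owned (with write permission) by the SFTP user.
user_subdir_ok() {
    sub=$1/$2 want=$3
    [ -d "$sub" ] || return 1
    set -- $(ls -ldn -- "$sub")
    case $1 in
        d?w*) [ "$3" = "$want" ] ;;
        *) return 1 ;;
    esac
}

# Script usage (path taken from the first post): sh audit.sh /ftphome/bob
[ "$#" -eq 0 ] || chroot_path_is_safe "$1"
```

A jail that passes `chroot_path_is_safe` while its upload directory passes `user_subdir_ok` matches the layout where login succeeds and `put` works inside the subdirectory only.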