[WBEL-users] SSH as an FTP server

Jean Lee jean.lee@free.fr
Fri, 12 Nov 2004 15:05:03 +0100


Hello Brett,

Jail and chrootssh do not have the same function. Jail is a general binary 
to chroot a user but chrootssh is a patch to apply to OpenSSH.
I do not yet have the answer about which is better.
I succeeded in creating a chrooted sftp using Jail but not with chrootssh 
(I suppose it is because there was the library /etc/lib.so.cache to 
copy to chrootdir/etc (to make sftp work) and I only saw it when I 
tried Jail. Then I did not have the time to test chrootssh anymore).

I have one question for you:

How did you set up the permissions in your chrooted environment?
I suppose that the user should be able to write in his home directory 
but not in the others, so I set root to be the owner of all the 
directories with 755 permissions except the home directory and 
subfolders, which are owned by the user with 700 permissions.
However, I think that it is not good that an executable could be written 
in the home directory because a malicious intruder could go out of the 
chrooted environment by writing and executing a suid binary.
What do you think about it?

Thank you for your answer,

Jean


Brett Moss wrote:

>--- Jean Lee <jean.lee@free.fr> wrote:
>
>>Hello Brett,
>>
>>Thanks a lot for your answer. It's just what I want.
>>Just a question : Does jail make sshd more
>>vulnerable ?
>>Is it a better solution than to patch Openssh with
>>chrootssh ( 
>>http://chrootssh.sourceforge.net/ )?
>>
>>Regards,
>>
>>Jean
>>
>hello,
>i'm not sure i can answer that question.  i suggest
>you post it to the two projects mailing lists.  i sure
>would be interested in the results of that question.
>i can say though i have used jail (
>http://www.jmcresearch.com/projects/jail/ ) for quite
>some time with no problems at all.
>
>good luck,
>brett
>
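
The permission layout described in the message above (root-owned 755 directories, a 700 home directory and subfolders, no setuid files) can be checked mechanically. This is an added example, not part of the original thread and not code from Jail or chrootssh; it assumes GNU find, and the function name, its arguments and the paths in the comments are hypothetical.

```shell
#!/bin/sh
# Audit a chroot tree against the layout described in the message.
# Usage: audit_chroot <chroot_dir> <home_dir_inside_chroot> [expected_owner_uid]
#   <home_dir_inside_chroot> is the full path, e.g. <chroot_dir>/home/jean
#   expected_owner_uid defaults to 0 (root); it is a parameter only so the
#   check can be exercised on a scratch tree without root privileges.
# Prints one line per finding; prints nothing when the tree matches.
audit_chroot() {
    jail=$1
    home=$2
    owner=${3:-0}

    # 1. Every directory outside the home must belong to the expected owner
    #    and must not be writable by group or other (755 or stricter).
    find "$jail" -path "$home" -prune -o -type d \
        \( ! -uid "$owner" -o -perm /022 \) -printf 'BAD_DIR %m %u %p\n'

    # 2. The home directory and all of its subfolders must be exactly 700.
    find "$home" -type d ! -perm 700 -printf 'BAD_HOME %m %p\n'

    # 3. Flag every setuid or setgid file anywhere in the tree, including
    #    ones written into the user-writable home directory.
    find "$jail" -type f -perm /6000 -printf 'SUID_SGID %m %u %p\n'
}

# Constructed invocation (paths are placeholders):
#   audit_chroot /srv/jail /srv/jail/home/jean
```

Each finding line starts with its category (`BAD_DIR`, `BAD_HOME`, `SUID_SGID`), followed by the octal mode and the path, so the output can be filtered with grep.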