James Carlson wrote: > Darren J Moffat writes: >> directory. However, with the plain SSH or the external SFTP >> implementation, one has to properly populate the chroot directory with >> (at least) a user's shell and all its shared libraries, the dynamic >> linker, and possibly terminal databases and devices like /dev/null etc. > > That population task is tough enough to get right that we provide a > script with ftpd (ftpconfig) that sets up a usable chroot anon ftp > environment. Would something like that be useful here? (Perhaps not > for internal-sftp, but rather for an ordinary user account being set > up for chroot use.)
Maybe but I'd rather it wasn't part of this case. The common case for SSH chroot is for SFTP and the use of the internal-sftp is the best solution for that. chroot environments cause a significant patching/pkg update problem and I'd rather not encourage use of building those environments. I suspect the script for ftpd would be sufficiently close to work for SSH anyway. -- Darren J Moffat
