On Thu, 5 Mar 2009, James Carlson wrote:

>Darren J Moffat writes:
>> directory. However, with the plain SSH or the external SFTP
>> implementation, one has to properly populate the chroot directory with
>> (at least) a user's shell and all its shared libraries, the dynamic
>> linker, and possibly terminal databases and devices like /dev/null etc.
>
>That population task is tough enough to get right that we provide a
>script with ftpd (ftpconfig) that sets up a usable chroot anon ftp
>environment. Would something like that be useful here? (Perhaps not
>for internal-sftp, but rather for an ordinary user account being set

as mentioned in the case, if you use internal-sftp, you don't need to put
anything there - the process that was created before chroot() also
implements the SFTP protocol without any fork()/exec().

I should probably add to the ChrootDirectory man page draft section that
the directory must exist beforehand.

J.

-- 
Jan Pechanec
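
Added example, not part of the thread and not the project's code: a pre-flight check an administrator could run on a directory before naming it in ChrootDirectory. Beyond the "must exist beforehand" point above, it also applies the ownership and permission rule that OpenSSH's sshd_config(5) documents for ChrootDirectory; that the implementation discussed here enforces the same rule is an assumption, and the function names and the OWNER_UID parameter are hypothetical.

```sh
#!/bin/sh
# Added example. OWNER_UID is a hypothetical parameter (default 0 = root)
# so the checks can be exercised without being root.

# check_component DIR [OWNER_UID]: one path component must be an existing
# directory, owned by OWNER_UID, and not writable by group or others.
check_component() {
    c_dir=$1
    c_uid=${2:-0}
    if [ ! -d "$c_dir" ]; then
        echo "missing or not a directory: $c_dir"
        return 1
    fi
    # ls -ldn prints "mode links uid gid ..."; numeric ids avoid name lookups.
    c_mode=$(ls -ldn "$c_dir" | awk '{print $1}')
    c_owner=$(ls -ldn "$c_dir" | awk '{print $3}')
    if [ "$c_owner" != "$c_uid" ]; then
        echo "owner uid $c_owner, expected $c_uid: $c_dir"
        return 1
    fi
    # Mode string is d rwx rwx rwx: char 6 is group write, char 9 other write.
    case $c_mode in
        ?????w*|????????w*)
            echo "group- or world-writable ($c_mode): $c_dir"
            return 1 ;;
    esac
    return 0
}

# check_chroot_dir DIR [OWNER_UID]: apply check_component to DIR and to
# every parent directory up to /, since a writable parent lets someone
# else replace the chroot target.
check_chroot_dir() {
    p=$1
    case $p in
        /*) ;;
        *) echo "not an absolute path: $p"; return 1 ;;
    esac
    while :; do
        check_component "$p" "${2:-0}" || return 1
        [ "$p" = "/" ] && return 0
        p=$(dirname "$p")
    done
}
```

Called as check_chroot_dir /path/to/chroot, it prints the first failing component and returns non-zero, so it can gate a configuration change.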