On Sun, 19 Jan 2014 07:35:05 -0800 Ben Walton <bdwal...@gmail.com> wrote:
> > I'm getting chroot for some@user when the UID is different than 0.
> >
> > If the UID for some@user is set to 0, I'm no longer getting the
> > chroot and I'm able to browse the whole server.
>
> What do you expect to achieve by chrooting a uid=0 account? With
> uid=0, it is easy to step out of a chroot...chroot is not a security
> mechanism.

My usage scenario is as follows:

- user rsyncs (or uses sftp) data to a chrooted environment,
- as uid=0, the user is able to keep uids/gids exactly in sync with the origin server.

I'm aware that it's trivial to get out of chroot if you have a root shell, but my impression was that rssh was the tool to prevent it.

Are there any known security issues with rssh which would allow a chrooted user with uid=0 to bypass chroot? I assume the following:

- allowscp, allowsftp, allowrsync options enabled
- chroot environment read only, except the area where the user puts new data

--
Tomasz Chmielewski
http://wpkg.org