Well, could you (or someone else) point me in the direction of a clear and well-defined guide for CentOS 5.4 and setting up jailing of chroot users that won't allow them to path outside of their jailed directories at all?
I know of rssh part of things to restrict commands etc. But I need the chroot side of things too. So far in those that DO have chroot running, they've had to build later versions of openssh and I'd rather have a packaged install from rpm/epel or centos.

On Fri, Mar 5, 2010 at 4:32 PM, Michael Mansour <[email protected]> wrote:

> Hi,
>
> > I'd like to see rpmforge look to update OpenSSH to 4.8p1 or later.
> > Reason is this version (from what I can determine) has the built-in ability
> > to Jail users to their home directory if you enabled SSH (IE: SFTP).
> >
> > But in the versions available in centos / rpm / epel they are all at
> > 4.3 something.
>
> The last openssh version I have:
>
> openssh-4.3p2-36.el5_4.2.i386
>
> Supports it (from the man page):
>
> ChrootDirectory
>     Specifies a path to chroot(2) to after authentication. This
>     path, and all its components, must be root-owned directories that
>     are not writable by any other user or group.
>
>     The path may contain the following tokens that are expanded at
>     runtime once the connecting user has been authenticated: %% is
>     replaced by a literal ’%’, %h is replaced by the home directory
>     of the user being authenticated, and %u is replaced by the
>     username of that user.
>
>     The ChrootDirectory must contain the necessary files and
>     directories to support the users’ session. For an interactive session
>     this requires at least a shell, typically sh(1), and basic /dev
>     nodes such as null(4), zero(4), stdin(4), stdout(4), stderr(4),
>     arandom(4) and tty(4) devices. For file transfer sessions using
>     “sftp”, no additional configuration of the environment is
>     necessary if the in-process sftp server is used (see
>     “internal-sftp” will force the use of an in-process sftp server
>     that requires no support files when used with ChrootDirectory.
>     Subsystem for details).
>
>     The default is not to chroot(2).
>
> Regards,
>
> Michael.
>
> > Thanks in advance!
> >
> > --
> > Victor ('Daworm')
> > * Melbourne Wireless Node: KDJ & KDT
> > * Natural Selection 2 Wiki Sysop
> > (http://www.unknownworlds.com/ns2/wiki/) * AoCWiki Sysop
> > (http://aoc.wikia.com/) * Twitter: @dawormie
> ------- End of Original Message -------

--
Victor ('Daworm')
* Melbourne Wireless Node: KDJ & KDT
* Natural Selection 2 Wiki Sysop (http://www.unknownworlds.com/ns2/wiki/)
* AoCWiki Sysop (http://aoc.wikia.com/)
* Twitter: @dawormie
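An added example, not part of either message in this thread: the ChrootDirectory man page text quoted above requires the path and all its components to be root-owned directories that are not writable by any other user or group. The script below walks a candidate directory up to / and reports every component that breaks that rule; the function names and the sample path are hypothetical, and GNU stat(1) is assumed.

```shell
#!/bin/sh
# Added example: audit a candidate ChrootDirectory against the quoted rule
# (every path component root-owned, no group/other write permission).
# Function names are hypothetical; requires GNU stat (-c).

# component_ok UID MODE -> 0 if owner is root and mode has no 022 bits set.
component_ok() {
    [ "$1" -eq 0 ] || return 1
    # MODE is the octal string printed by stat; a leading 0 makes the
    # shell parse it as octal. Mask 022 = group write + other write.
    [ $(( 0$2 & 022 )) -eq 0 ]
}

# check_chroot_path DIR -> 0 if DIR and every parent up to / pass,
# 1 if any component fails, 2 if DIR is not an accessible directory.
check_chroot_path() {
    local dir rc=0
    # Resolve symlinks so the real components are the ones inspected.
    dir=$(cd "$1" 2>/dev/null && pwd -P) || {
        echo "not a directory: $1" >&2
        return 2
    }
    while :; do
        # Reuse the positional parameters for "uid mode" of this component.
        set -- $(stat -c '%u %a' "$dir")
        if component_ok "$1" "$2"; then
            echo "ok   $dir (uid=$1 mode=$2)"
        else
            echo "FAIL $dir (uid=$1 mode=$2)" >&2
            rc=1
        fi
        [ "$dir" = "/" ] && break
        dir=$(dirname "$dir")
    done
    return $rc
}

# Run only when a path is given, e.g. (constructed path): ./check.sh /home/jail
if [ $# -gt 0 ]; then
    check_chroot_path "$1"
fi
```

A user's home directory is normally owned by that user, so pointing ChrootDirectory at %h fails this check unless the home directory itself is handed to root and the user is given a writable subdirectory inside it.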
