On 12/01/2008, TheO wrote:
According to my observation, regardless of his authentication (public key or password), he can only see a limited number of directories within the jail environment. The only directory which is virtually added by Cygwin during his login, and therefore beyond my control, is /cygdrive. Luckily enough for me, it is empty so in my opinion the user can't traverse my harddisk.
If you're happy with the results, that's fine. However, you asked how secure SFTP was. The answer is as I've said. Cygwin is not the O/S. It cannot enforce restrictions on the O/S. Only the O/S can restrict or grant access to users. I have not attempted to set up a jailed SFTP environment on Cygwin. It may be that what you've done hems the user into the area you want when he/she is using Cygwin tools. However, this does not restrict the user with Windows native tools. If he/she is able to leverage those inside the jail, then the user has the keys he/she wants to get out. -- Larry Hall http://www.rfk.com RFK Partners, Inc. (508) 893-9779 - RFK Office 216 Dalton Rd. (508) 893-9889 - FAX Holliston, MA 01746 _____________________________________________________________________ A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting annoying in email? -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/