On 1/8/10, Todd T. Fries <t...@fries.net> wrote:
> You can chroot internal-sftp but not external.

well i chrooted external no prob, just put inside the chroot what ldd
/usr/libexec/sftp-server and i found out that the only thing, which is
sftp-server couldn't live without is /etc/pwd.db (besides minimal
device set described in sshd_config(5) and /dev/log).

well, that required a little research with ktrace...

the thing is, if i need to have any /usr/bin programs inside the
chroot, i'm gonna need /usr/libexec/ld.so and /usr/lib/*.so.*
anyway... so does internal sftp-server give any gain in such situation
besides some simplicity.

then what also is of interest, how do they match, external and
internal? if external is being modified, is internal taken care as
well?

thanks!!

>  Penned by Denis Doroshenko on 20100108 16:50.31, we have:
>
> | hi,
>  |
>  | is there any benefits of using internal-sftp over
>  | /usr/libexec/sftp-server (which is being used with default
>  | sshd_config)? sshd_config(5) says:
>  |
>  |              For file transfer sessions using ``sftp'', no additional
>  |              configuration of the environment is necessary if the
>  |              in-process sftp server is used, though sessions which use
>  |              logging do require /dev/log inside the chroot directory
>  |              (see sftp-server(8) for details).
>  |
>  | so default sshd_config uses a program, but internal-sftp is better for
>  | chroot. what are benefits of /usr/libexec/sftp-server except for stuff
>  | like timezone, locale, resolver etc. being initialized each time an
>  | sftp connection being made?
>  |
>  | thanks!
>
>
> --
>  Todd Fries .. t...@fries.net
>
>   _____________________________________________
>  |                                             \  1.636.410.0632 (voice)
>  | Free Daemon Consulting, LLC                 \  1.405.227.9094 (voice)
>  | http://FreeDaemonConsulting.com             \  1.866.792.3418 (FAX)
>  | 2525 NW Expy #525, Oklahoma City, OK 73112  \  sip:freedae...@ekiga.net
>  | "..in support of free software solutions."  \  sip:4052279...@ekiga.net
>   \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
>
>               37E7 D3EB 74D0 8D66 A68D  B866 0326 204E 3F42 004A
>                         http://todd.fries.net/pgp.txt
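
The chroot contents described in the reply above (whatever ldd reports for /usr/libexec/sftp-server, plus /etc/pwd.db), as an added example that is not part of the original thread. It assumes OpenBSD-style ldd(1) output with the object path in the last column; the sample output, library versions and the /var/sftp path are constructed for illustration.

```shell
#!/bin/sh
# Added example: collect what an external sftp-server needs inside a chroot.
# Assumes OpenBSD-style ldd(1) output, where the object path is the last column.

# Constructed sample of `ldd /usr/libexec/sftp-server` output (addresses and
# library versions are made up for illustration).
SAMPLE_LDD='/usr/libexec/sftp-server:
	Start            End              Type  Open Ref GrpRef Name
	0000000000400000 0000000000420000 exe   1    0   0      /usr/libexec/sftp-server
	0000000200000000 0000000200100000 rlib  0    1   0      /usr/lib/libutil.so.0.0
	0000000200200000 0000000200300000 rlib  0    1   0      /usr/lib/libc.so.0.0
	0000000200400000 0000000200400000 ld.so 0    1   0      /usr/libexec/ld.so'

# ldd_paths: read ldd output on stdin, print one absolute path per line.
# Skips the "binary:" banner (one field) and the column header (no leading /).
ldd_paths() {
	awk 'NF > 1 && $NF ~ /^\// { print $NF }'
}

# chroot_manifest: the regular files the post lists for the external server:
# the ldd objects plus /etc/pwd.db. /dev/log and the device nodes are not
# regular files and must be created separately (see sshd_config(5)).
chroot_manifest() {
	ldd_paths
	echo /etc/pwd.db
}

# populate_chroot ROOT: copy each path read from stdin to ROOT/<same path>.
# Returns non-zero if any file is missing, so a half-built chroot is noticed.
populate_chroot() {
	root=$1 rc=0
	while IFS= read -r p; do
		[ -f "$p" ] || { echo "missing: $p" >&2; rc=1; continue; }
		mkdir -p "$root$(dirname "$p")" && cp -p "$p" "$root$p" || rc=1
	done
	return $rc
}

# Typical use on the host (hypothetical chroot path):
#   ldd /usr/libexec/sftp-server | chroot_manifest | populate_chroot /var/sftp
```

Every file copied this way has to be re-copied whenever the host's sftp-server or its libraries are updated, otherwise the chroot keeps running the old copies.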
