Hi everybody.
I have tried to configure chrooting (that is, a user "jailed" in his
home directory once he is connected to the system by ftp), but I haven't been
able to. I have a Solaris 2.6 system and the commercial version of SSH. In the
FAQ, it says (as I posted some weeks ago):
2.4:
Q: How do I set up chrooted accounts (with restricted shell access, and
only file transfer access) with sshd2?
A: First, you should make sure that the static binaries of
ssh-dummy-shell and sftp-server2 got compiled with the rest. The
binaries are named (creatively) ssh-dummy-shell.static and
sftp-server2.static.
Then, run
% ssh-chrootmgr <username> ...
This copies the binaries to the user's bin-directory ($HOME/bin)
(and creates the bin directory, if necessary).
The next step is to add the user to the server's configuration file
(/etc/ssh2/sshd2_config, usually). Use ChRootUsers or ChRootGroups
variable. If you use ChRootGroups, remember that all users whose
_primary_ group is the one listed in the configuration variable will
be chrooted. But, even if the user belongs to a group that is listed
in ChRootGroups, but it isn't her primary group, the user won't be
chrooted. *whew*
After this you should change the user's login shell in /etc/passwd,
with vipw, for example (or whatever you use to manage the
accounts). The new shell should be /bin/ssh-dummy-shell (which, from
the chrooted user's perspective, will be the one in $HOME/bin).
After this, restart the daemon, or kill -HUP it.
Note: make sure that there is a line
subsystem-sftp sftp-server
in sshd2_config. Otherwise the user won't be able to do anything.
NOTE: This doesn't work with Solaris. Solaris doesn't support this
kind of static linking. You have to use the normal binaries and copy
the needed libraries to the user's environment too. Unfortunately we
don't have a tool for that (yet).
Well, I have done everything it says, but I can always browse all directories with
the graphical interface of SSH Secure Shell File Transfer.
Has anyone done it?
Also, I have searched in the list archive... I'm afraid I don't have a
non-ambiguous, clear way to do this on Solaris.
I really thank you for your help.
Cordially,
Mario Rincón
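
Added example, not part of the original post or of the SSH FAQ: a small shell audit of the configuration steps the quoted FAQ lists (a ChRootUsers or primary-group ChRootGroups match, the /bin/ssh-dummy-shell login shell, and the subsystem-sftp line). The "Key value" line layout, comma-separated lists and case-insensitive keys are assumptions about sshd2_config, and the file contents are constructed samples. It does not check the binaries and libraries that the FAQ's Solaris note says must be copied into the user's environment.

```shell
#!/bin/sh
# Added example: audit the FAQ's chroot prerequisites for one account.
# Assumed format: "Key value" lines, comma-separated lists, case-insensitive keys.

# cfg_value KEY FILE: print the value of the last "KEY value" line.
cfg_value() {
    awk -v k="$1" 'tolower($1) == tolower(k) { v = $2 } END { print v }' "$2"
}

# in_list ITEM LIST: succeed if ITEM is an element of comma-separated LIST.
in_list() {
    case ",$2," in *",$1,"*) return 0 ;; esac
    return 1
}

# check_chroot USER CONFIG PASSWD GROUP: print each unmet prerequisite;
# return 0 only when none are found.
check_chroot() {
    user=$1; cfg=$2; ok=0
    entry=$(awk -F: -v u="$user" '$1 == u' "$3")
    [ -n "$entry" ] || { echo "$user: no passwd entry"; return 1; }
    gid=$(printf '%s\n' "$entry" | cut -d: -f4)
    shell=$(printf '%s\n' "$entry" | cut -d: -f7)
    # Only the primary group (GID field of passwd) counts for ChRootGroups.
    pgroup=$(awk -F: -v g="$gid" '$3 == g { print $1; exit }' "$4")
    jailed=no
    in_list "$user" "$(cfg_value ChRootUsers "$cfg")" && jailed=yes
    [ -n "$pgroup" ] && in_list "$pgroup" "$(cfg_value ChRootGroups "$cfg")" && jailed=yes
    [ "$jailed" = yes ] || { echo "$user: not matched by ChRootUsers/ChRootGroups"; ok=1; }
    [ "$shell" = /bin/ssh-dummy-shell ] || { echo "$user: login shell is $shell"; ok=1; }
    [ -n "$(cfg_value subsystem-sftp "$cfg")" ] || { echo "no subsystem-sftp line"; ok=1; }
    return $ok
}

# Constructed sample files (not from the post): bob is only a supplementary
# member of sftponly, so ChRootGroups does not apply to him.
d=$(mktemp -d)
printf '%s\n' 'ChRootGroups sftponly' 'subsystem-sftp sftp-server' > "$d/sshd2_config"
printf '%s\n' 'alice:x:1001:200::/home/alice:/bin/ssh-dummy-shell' \
              'bob:x:1002:100::/home/bob:/bin/sh' > "$d/passwd"
printf '%s\n' 'users::100:' 'sftponly::200:bob' > "$d/group"
check_chroot alice "$d/sshd2_config" "$d/passwd" "$d/group" && echo "alice: prerequisites met"
check_chroot bob "$d/sshd2_config" "$d/passwd" "$d/group" || echo "bob: would not be chrooted"
```

To audit a real host, pass the paths of the live files, for example /etc/ssh2/sshd2_config, /etc/passwd and /etc/group.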