tech-userlevel archive


Re: Change to OpenSSH - HomeDirectory



On 12-01-13 09:53 AM, Joerg Sonnenberger wrote:
> I agree that a change is necessary. Damien et al should be pointed to
> the recent ftpd advisory for FreeBSD for why chroot to home directory is
> not necessarily a good idea. I can think of two alternatives that might

In fact, that's the issue.  The ideal solution for me would be to
chroot to the user's home directory and not let them access anything
else.  That's a bad idea though and sshd agrees.

> work better -- looking up the home directory *again* in the chroot and

That's basically what my change does.  The chroot happens first and
then it changes directory as specified in the new directive.

> removing the chroot prefix from the home directory.

Not sure what you mean.  Are you saying to change it in /etc/passwd or
to change it dynamically after the chroot?  The latter is more or less
what I do although in a more configurable way.

> Generally, it is preferable to have at least consensus upstream about
> the functionality and supposedly the patch. Maintaining e.g. the HPN
> patch is painful enough as it is.

I agree.  That's why I sent it to them first.

--
D'Arcy J.M. Cain <darcy%NetBSD.org@localhost>
http://www.NetBSD.org/ IM:darcy%Vex.Net@localhost
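
The "removing the chroot prefix from the home directory" alternative discussed in this message, sketched as an added example that is not part of the original post and is not OpenSSH code. The function name `home_in_chroot` and the sample paths are hypothetical; both paths are assumed to be absolute and already normalized (no `..` components or symlinks).

```c
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical helper: given the chroot directory and the passwd home
 * directory (both as seen before chroot(2)), write into out the path to
 * chdir(2) to after the chroot. Returns 0 on success, -1 if home is not
 * inside the chroot or out is too small.
 */
int home_in_chroot(const char *chroot_dir, const char *home,
                   char *out, size_t outlen)
{
    size_t n = strlen(chroot_dir);

    if (chroot_dir[0] != '/' || home[0] != '/' || outlen < 2)
        return -1;
    /* Ignore trailing slashes on the chroot path ("/jail/" == "/jail"). */
    while (n > 1 && chroot_dir[n - 1] == '/')
        n--;
    if (n > 1) {
        /* The prefix must end on a component boundary, so "/home/joebob"
         * is not treated as being inside a chroot of "/home/joe". */
        if (strncmp(home, chroot_dir, n) != 0 ||
            (home[n] != '/' && home[n] != '\0'))
            return -1;
        home += n;              /* strip the chroot prefix */
        if (*home == '\0')
            home = "/";         /* home is the chroot directory itself */
    }
    if (strlen(home) >= outlen)
        return -1;
    strcpy(out, home);
    return 0;
}

int main(void)
{
    char buf[256];

    /* Constructed sample paths. */
    if (home_in_chroot("/jail", "/jail/home/joe", buf, sizeof buf) == 0)
        printf("chdir to %s after chroot\n", buf);
    if (home_in_chroot("/home/joe", "/home/joebob", buf, sizeof buf) != 0)
        printf("home is outside the chroot, refusing\n");
    return 0;
}
```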

