tech-userlevel archive


Re: Change to OpenSSH - HomeDirectory



On 12-01-13 10:49 AM, Joerg Sonnenberger wrote:
>> That's basically what my change does.  The chroot happens first and
>> then it changes directory as specified in the new directive.
>
> I mean: you normally want to have a /etc/passwd in the chroot for
> user/group printing to work. So you could specify a chroot-relative home
> directory in that and sftp would honour that.

I know that that is true for normal chroot but I think that it is
different when you use internal-sftp in OpenSSH.  I know that I tried
that, making a modified /etc/passwd in the chroot area, and it did
not work.

>> Not sure what you mean.  Are you saying to change it in /etc/passwd or
>> to change it dynamically after the chroot?  The latter is more or less
>> what I do although in a more configurable way.
>
> If the chroot is /u and the home directory is /u/eve, drop the prefix
> after chrooting and use /eve as home directory. That's what many daemons
> do for configuration files.

Yes, that's effectively what I do since all my users are under /u and
their home directory and login name are the same.  My directive does
give more flexibility than that though.  Still, if the OpenSSH people
were to implement your method that would certainly be fine for my
own purposes.  If they wanted to be more flexible they could make
it a regex:

  "/u(.*)" ==> "\1"

Now, the more I think about it, the more I think that the root stripping
is the way to go and that it should actually be the default.  When
would you ever want to keep the original home directory in a chrooted
environment?  It would also be an even smaller patch.

--
D'Arcy J.M. Cain <darcy%NetBSD.org@localhost>
http://www.NetBSD.org/ IM:darcy%Vex.Net@localhost
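
The prefix stripping discussed in this thread, as an added C example that is not part of the original message and is not OpenSSH code. The function name, return convention and sample paths are assumptions, and both paths are assumed to be absolute and already normalized.

```c
#include <stdio.h>
#include <string.h>

/*
 * Added example, not OpenSSH code: map a home directory to its path inside
 * a chroot by dropping the chroot prefix.
 * Returns 1 if the prefix was stripped, 0 if home is outside the chroot
 * (out falls back to "/"), -1 if out is too small.
 */
int
chroot_relative_home(const char *root, const char *home, char *out, size_t outlen)
{
	size_t rlen = strlen(root);
	const char *rest;
	int inside;

	/* Ignore trailing slashes so "/u/" and "/u" behave the same. */
	while (rlen > 0 && root[rlen - 1] == '/')
		rlen--;

	/*
	 * Match on a component boundary: "/u" must not match "/usr/eve",
	 * which a plain string prefix or the regex "/u(.*)" would do.
	 */
	inside = strncmp(home, root, rlen) == 0 &&
	    (home[rlen] == '/' || home[rlen] == '\0');
	rest = inside ? home + rlen : "/";
	if (*rest == '\0')
		rest = "/";	/* home is the chroot directory itself */

	if (strlen(rest) >= outlen)
		return -1;
	strcpy(out, rest);
	return inside;
}

int
main(void)
{
	char buf[64];

	/* Constructed sample values based on the /u and /u/eve case above. */
	chroot_relative_home("/u", "/u/eve", buf, sizeof(buf));
	printf("%s\n", buf);
	return 0;
}
```

The component-boundary check is the part an unanchored pattern misses: with a chroot of /u, a home directory of /usr/eve is outside the chroot and falls back to "/" rather than being rewritten.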

