[Jailkit-dev] jk_chrootsh wants me to be the owner
From: dschung
Subject: [Jailkit-dev] jk_chrootsh wants me to be the owner
Date: Wed, 26 Aug 2009 08:30:17 +0200 (CEST)
User-agent: SquirrelMail/1.4.6

Hi,
I'm experimenting with jailkit and found an unexpected behavior:
Aug 25 17:25:16 vmw140 sshd[11295]: subsystem request for sftp
Aug 25 17:25:16 vmw140 jk_chrootsh[11296]: path /storage/blub/viertertest/./storage is group writable
Aug 25 17:25:16 vmw140 jk_chrootsh[11296]: path /storage/blub/viertertest/./storage is not owned by user 1009
Aug 25 17:25:16 vmw140 jk_chrootsh[11296]: path /storage/blub/viertertest/./storage is not owned by group 1000
Aug 25 17:25:16 vmw140 jk_chrootsh[11296]: abort, path /storage/blub/viertertest/./storage is not owned by 1009
I understand that the user should have some rights to his own homedir, but
being the owner is a bit too much.
Up to now, I'm using the internal chrooting capabilities of openssh to
jail my users to their homedirs. But I can use this feature for sftp only
and I'd like to provide rsync as well, so I have to switch the solution.
Jailkit works really nicely (a lot more comfortable than rssh or scponly,
thanks for this nice tool :) ), but in my case, I have different users
sharing the same homedir. So, I would have to set the owner for
"/storage/blub/viertertest/./storage" to different users, which is not
possible. OpenSSH contents itself with setting the rights with setfacl to
the directories shared by different users (e.g. setfacl -m
u:1009:rwx,d:u:1009:rwx /storage/blub/viertertest/storage).
So it would be nice if jk_chrootsh would check the ACL rights and not
only the owner/group.
Regards,
Gregor
--
Gregor Dschung
System Life Guard, HiWi
Fraunhofer-Institut für Techno-
und Wirtschaftsmathematik ITWM
Fraunhofer-Platz 1
D-67663 Kaiserslautern
E-Mail: address@hidden
Internet: www.itwm.fraunhofer.de
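
The three conditions reported in the log lines of the message above can be checked ahead of a login with a small pre-flight script. This is an added example, not part of the original message and not jailkit's own code; the function names `split_jail_home` and `check_home` are hypothetical, and it assumes only the conditions visible in the quoted log are of interest.

```python
import os
import stat


def split_jail_home(home):
    """Split a jailkit-style home 'JAIL/./HOME' into (jail, home inside jail)."""
    jail, sep, inner = home.partition("/./")
    if not sep:
        raise ValueError("no '/./' jail separator in %r" % home)
    return jail, "/" + inner


def check_home(path, uid, gid):
    """Return findings for `path`, worded like the log lines in the message.

    Assumption: only the three conditions visible in the quoted log are tested
    (group-writable bit, owner uid, owner gid). Only mode bits and ownership
    from stat() are inspected; POSIX ACL entries are not consulted.
    """
    st = os.stat(path)
    findings = []
    if st.st_mode & stat.S_IWGRP:
        findings.append("path %s is group writable" % path)
    if st.st_uid != uid:
        findings.append("path %s is not owned by user %d" % (path, uid))
    if st.st_gid != gid:
        findings.append("path %s is not owned by group %d" % (path, gid))
    return findings


if __name__ == "__main__":
    # Constructed sample: path and ids are the ones shown in the quoted log.
    home, uid, gid = "/storage/blub/viertertest/./storage", 1009, 1000
    print(split_jail_home(home))
    try:
        for line in check_home(home, uid, gid):
            print(line)
    except FileNotFoundError:
        print("%s does not exist on this host" % home)
```

On Linux, once a directory carries named ACL entries, the group bits returned by stat() show the ACL mask, so a `setfacl -m u:1009:rwx` entry can by itself make the directory appear group writable to a check like this one.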