04-11-2011 08:42 PM
restrict sftp user "cd" to other directories
I have configured a user "test" with /home/test, enabled chroot, and disabled ssh login, allowing only sftp. When this user does an sftp from another machine, it is able to "cd" to system directories and able to pick sensitive passwd files etc.
How to prevent an sftp user from doing "cd" to anything except his home folder?
OS: HP-UX 11.11
rgds,trng
04-11-2011 08:53 PM
Re: restrict sftp user "cd" to other directories
> /home/test and enabled chroot [...]
> able to "cd" to system directories [...]
If the user can "cd" to places outside his
chroot directory, then my guess would be that
you have not really "enabled chroot" for this
user. Of course, with my weak psychic
powers, and your vague description of how you
"configured a user", I have no idea what you
actually did, so it's not easy for me to
guess what is actually happening.
As usual, showing actual commands with their
actual output can be more helpful than vague
descriptions or interpretations.
04-13-2011 01:39 AM
Re: restrict sftp user "cd" to other directories
I have enabled chroot, and /etc/passwd is showing a chrooted user. My problem is that the sftp user can access /etc/passwd and a few other sensitive system files. How to prevent a chroot user from doing cd to system filesystems?
rgds,trngg
04-13-2011 03:37 AM
Re: restrict sftp user "cd" to other directories
In other words, you require a chroot ftponly user.
So for this create a folder "pub" in home folder /home/test with ownership of user test.
And in the /etc/passwd file this home folder should look like... "/home/test/./pub"
Create two folders "usr/bin" and "etc" inside /home/test with ownership of root:other.
Copy the /etc/passwd file to this etc folder and edit it so it contains only the "root" and "test" user entries. Remove all other users.
Copy the /etc/group file to this etc folder and edit it so it contains the "ftponly" and "other" groups. Remove all other groups.
Copy /sbin/ls to usr/bin folder.
Shell of this user should be /usr/bin/false,
group should be ftponly.
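
The layout described in the answer above can be checked with a script like the following. It is an added example, not part of the original thread; the function name `audit_jail`, the temporary sample tree and its entries are constructed for illustration, and it checks only the points the answer lists.

```shell
#!/bin/sh
# audit_jail PASSWD_FILE USER [OWNER]   (hypothetical helper, added example)
# Prints each deviation from the layout in the answer above and returns the
# number of deviations (0 = layout matches the description).
audit_jail() {
    pw=$1; user=$2; owner=${3:-root}; bad=0
    entry=$(grep "^$user:" "$pw" | head -n 1)
    [ -n "$entry" ] || { echo "no entry for $user in $pw"; return 1; }
    home=$(echo "$entry" | cut -d: -f6)
    shell=$(echo "$entry" | cut -d: -f7)
    case $home in
        */./*) jail=${home%%/./*} ;;   # text before "/./" is the chroot root
        *) echo "home '$home' has no /./ marker"; return 1 ;;
    esac
    [ "$shell" = /usr/bin/false ] || { echo "shell is '$shell'"; bad=$((bad+1)); }
    for d in etc usr/bin; do           # must belong to OWNER, not the sftp user
        o=$(ls -ld "$jail/$d" 2>/dev/null | awk '{print $3}')
        [ "$o" = "$owner" ] || { echo "$d: owner '$o', expected '$owner'"; bad=$((bad+1)); }
    done
    # The jail copies of passwd and group may list only these names.
    for spec in "passwd:root $user" "group:ftponly other"; do
        f=$jail/etc/${spec%%:*}; allow=${spec#*:}
        [ -f "$f" ] || { echo "$f missing"; bad=$((bad+1)); continue; }
        for n in $(cut -d: -f1 "$f"); do
            case " $allow " in *" $n "*) ;; *) echo "$f: extra entry '$n'"; bad=$((bad+1)) ;; esac
        done
    done
    [ -x "$jail/usr/bin/ls" ] || { echo "usr/bin/ls missing"; bad=$((bad+1)); }
    return "$bad"
}

# Constructed sample tree (not a real system); OWNER is whoever runs the demo.
demo=$(mktemp -d); me=$(ls -ld "$demo" | awk '{print $3}')
mkdir -p "$demo/home/test/pub" "$demo/home/test/etc" "$demo/home/test/usr/bin"
printf 'root:*:0:3::/:/sbin/sh\ntest:*:101:200::/home/test/./pub:/usr/bin/false\n' \
    > "$demo/home/test/etc/passwd"
printf 'other::1:\nftponly::200:test\n' > "$demo/home/test/etc/group"
cp "$(command -v ls)" "$demo/home/test/usr/bin/ls"
printf 'test:*:101:200::%s/home/test/./pub:/usr/bin/false\n' "$demo" > "$demo/passwd"
audit_jail "$demo/passwd" test "$me" && echo "layout OK"
```

On a real system the first argument would be /etc/passwd and the third argument left at its default of root.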
04-13-2011 05:44 AM
Re: restrict sftp user "cd" to other directories
What, exactly, does that mean? What,
exactly, did you do?
> and /etc/passwd it is showing a chrooted
> user.
What, exactly, does that mean? What,
exactly, do you see?
> [...] ...how to prevent a chroot user to do
> cd to system filesystems
> If the user can "cd" to places outside his
> chroot directory, then my guess would be that
> you have not really "enabled chroot" for this
> user.
Still true.
> As usual, showing actual commands with their
> actual output can be more helpful than vague
> descriptions or interpretations.
Still true. (Was some part of that unclear?)