Re: Protecting a file in internal-sftp jail (chroot)



Eriberto,

If your filesystem supports it you can use the extended attribute immutable:

chattr +i .htaccess

So nobody should be able to modify the file.

Seb

Eriberto wrote:
Hi all,

I made a jail using sftp-internal (Debian Lenny 5.0.3 / OpenSSH
5.1p1). I followed the steps found at
http://www.debian-administration.org/articles/590 and it is working
fine. But I have a little problem. I am using this process to give
access to users put files in directories into /var/www (Apache) and
each directory has a .htaccess to force a password to access from a
browser.

My problem is: the jail user can delete the .htaccess file and I need
to prevent it. But, in jail, the user has root power.

Final question: how to make to protect a file in a jail made using
internal-sftp?

Thanks a lot in advanced.

Regards,

Eriberto - Brazil