Re: chroot and access to directory OTHER than user's home directory.....

Export the directory through NFS. Then have your other users mount the NFS
directory within their own chrooted environment.

Or configure all the users to use the same home directory /Whatever/Drop,
but they would have to have the same keys. But you would still be able to
log who uploaded what by their usernames.


From: Jon Price <jonelwoodprice@xxxxxxxxx>
To: secureshell@xxxxxxxxxxxxxxxxx
Date: 02/09/2010 06:42 PM
Subject: chroot and access to directory OTHER than user's home
Sent by: listbounce@xxxxxxxxxxxxxxxxx


I need to allow multiple users (users connecting from different
machines) access to a box so they can all drop (via sftp) files in a
common drop area, say /Whatever/Drop.
If I use OpenSSH with chroot and a single account "dropaccount", then
all users can access that account via sftp given the appropriate setup
(sshd_config, public keys and such).
The /Whatever/Drop directory is owned by a different account name.
That can't change.

How can I allow these users to access the /Whatever/Drop directory?

Thought maybe a symbolic link from the dropaccount's home directory
over to /Whatever/Drop might work, but it doesn't (and maybe for good
reason). But how can this be done?

Also, I think the issue is the same even if there is just one user
accessing the box this way, i.e. the multiple users might just confuse
things here. So could consider just a single user with these
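
Why the symbolic link from the question cannot reach /Whatever/Drop while a directory mounted inside the chroot can, as an added example that is not part of the original thread: the function simulates path lookup for a process chrooted into a directory. The function names, the temporary directory layout and the `mnt/Drop` path are assumptions, and a plain directory stands in for the NFS mount point.

```python
import os
import tempfile

def resolve_in_chroot(root, path, max_links=40):
    """Host path that `path` names for a process chrooted to `root`, or None."""
    root = os.path.realpath(root)
    todo = [p for p in path.split("/") if p]    # components still to walk
    cur, links = root, 0                        # lookup starts at the chroot root
    while todo:
        part = todo.pop(0)
        if part == ".":
            continue
        if part == "..":
            if cur != root:                     # ".." at the chroot root stays put
                cur = os.path.dirname(cur)
            continue
        nxt = os.path.join(cur, part)
        if os.path.islink(nxt):
            links += 1
            if links > max_links:               # symlink loop
                return None
            target = os.readlink(nxt)
            if target.startswith("/"):
                cur = root                      # absolute target: chroot root, not host /
            todo = [p for p in target.split("/") if p] + todo
            continue
        if not os.path.exists(nxt):
            return None                         # nothing there inside the chroot
        cur = nxt
    return cur

def demo():
    """Constructed layout: a temp dir stands in for the host's /."""
    with tempfile.TemporaryDirectory() as host:
        host = os.path.realpath(host)
        jail = os.path.join(host, "home", "dropaccount")     # chroot for the sftp account
        os.makedirs(os.path.join(host, "Whatever", "Drop"))  # real drop area, outside
        os.makedirs(jail)
        os.symlink("/Whatever/Drop", os.path.join(jail, "drop"))        # absolute link
        os.symlink("../../Whatever/Drop", os.path.join(jail, "drop2"))  # relative link
        os.makedirs(os.path.join(jail, "mnt", "Drop"))       # stands in for the mount point
        return (resolve_in_chroot(jail, "/drop"),
                resolve_in_chroot(jail, "/drop2"),
                resolve_in_chroot(jail, "/mnt/Drop") == os.path.join(jail, "mnt", "Drop"))

if __name__ == "__main__":
    print(demo())
```

Both symlinks resolve to nothing because the lookup never leaves the chroot root, whereas the directory that exists inside the chroot resolves normally.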

