Re: Solaris 9 sftp-server

From: Andrew Danforth (acd@weirdness.net)
Date: 04/09/03

  • Next message: SimonChan@lifeisgreat.com.sg: "what to turn on for solaris auditing"
    Date: Wed, 9 Apr 2003 16:53:33 -0400 (EDT)
    From: Andrew Danforth <acd@weirdness.net>
    To: Darren J Moffat <Darren.Moffat@Sun.COM>
    
    

    On Wed, 9 Apr 2003, Darren J Moffat wrote:

    > That probaly won't work because sshd(1m) uses the login shell to exec
    > the subsystem program (in this case /usr/lib/ssh/sftp-server).

    I solved that problem by whipping up a quick program that emulates /bin/sh
    as far as command line arguments go, yet only executes the sftp-server
    binary regardless of what you feed it. Works fine for users that I want
    to restrict to sftp access only.

    My lightweight /bin/sh also chroots the user in to a file transfer jail
    prior to executing sftp-server. To accomplish that I had to write a LKM
    to allow non-root users to chroot themselves to the jail (and only the
    jail). This prevents my file transfer users from poking around the entire
    filesystem.

    Andrew


  • Next message: SimonChan@lifeisgreat.com.sg: "what to turn on for solaris auditing"