Re: Solaris 9 sftp-server
From: Andrew Danforth (acd@weirdness.net)
Date: 04/09/03
- Previous message: Thomas Krieger: "Re: Solaris 9 sftp-server"
- In reply to: Darren J Moffat: "Re: Solaris 9 sftp-server"
- Next in thread: Roy S. Rapoport: "Re: Solaris 9 sftp-server"
Date: Wed, 9 Apr 2003 16:53:33 -0400 (EDT)
From: Andrew Danforth <acd@weirdness.net>
To: Darren J Moffat <Darren.Moffat@Sun.COM>
On Wed, 9 Apr 2003, Darren J Moffat wrote:
> That probably won't work because sshd(1m) uses the login shell to exec
> the subsystem program (in this case /usr/lib/ssh/sftp-server).
I solved that problem by whipping up a quick program that emulates /bin/sh
as far as command line arguments go, yet only executes the sftp-server
binary regardless of what you feed it. Works fine for users that I want
to restrict to sftp access only.
My lightweight /bin/sh also chroots the user into a file transfer jail
prior to executing sftp-server. To accomplish that I had to write an LKM
to allow non-root users to chroot themselves to the jail (and only the
jail). This prevents my file transfer users from poking around the entire
filesystem.
Andrew
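
The restricted login shell described in the message above, as an added example; it is not Andrew's program, which does not appear on this page. It assumes sshd starts the login shell as `<shell> -c <command>`; the syslog tag `sftponly` and the `PATH` value are made up for illustration, and the chroot step is left out because it depended on his kernel module.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>

#define SFTP_SERVER "/usr/lib/ssh/sftp-server"  /* path quoted in the thread */

/* Return the string that follows the first "-c", or NULL if there is none.
 * Assumption: sshd invokes the login shell as `<shell> -c <command>`. */
const char *requested_command(int argc, char *const argv[])
{
    for (int i = 1; i + 1 < argc; i++)
        if (strcmp(argv[i], "-c") == 0)
            return argv[i + 1];
    return NULL;
}

/* 1 when the request is exactly the sftp-server path, 0 otherwise.
 * Only decides whether to log; it never changes what gets executed. */
int is_expected_request(const char *cmd)
{
    return cmd != NULL && strcmp(cmd, SFTP_SERVER) == 0;
}

/* Fill out[] with the fixed argv and return the fixed path.
 * Nothing supplied by the caller is copied into either. */
const char *fixed_target(char *out[2])
{
    out[0] = "sftp-server";
    out[1] = NULL;
    return SFTP_SERVER;
}

int main(int argc, char *argv[])
{
    const char *cmd = requested_command(argc, argv);
    char *args[2];
    const char *path = fixed_target(args);
    char *const env[] = { "PATH=/usr/bin", NULL };  /* hypothetical value; inherited env dropped */

    if (!is_expected_request(cmd)) {          /* record attempts to run anything else */
        openlog("sftponly", LOG_PID, LOG_AUTH);   /* hypothetical syslog tag */
        syslog(LOG_NOTICE, "uid %ld: ignored request \"%.200s\"",
               (long)getuid(), cmd ? cmd : "(no -c argument)");
        closelog();
    }
    execve(path, args, env);  /* absolute path: no PATH search, no shell parsing */
    perror(path);             /* reached only if the exec failed */
    return 127;
}
```

Installed as the login shell of a transfer-only account, this runs sftp-server for every session type and leaves a log line whenever the client asked for something else.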