Re: Solaris 9 sftp-server
From: Andrew Danforth (firstname.lastname@example.org)
Date: Wed, 9 Apr 2003 16:53:33 -0400 (EDT)
To: Darren J Moffat <Darren.Moffat@Sun.COM>
On Wed, 9 Apr 2003, Darren J Moffat wrote:
> That probably won't work because sshd(1m) uses the login shell to exec
> the subsystem program (in this case /usr/lib/ssh/sftp-server).
I solved that problem by whipping up a quick program that emulates /bin/sh
as far as command line arguments go, yet only executes the sftp-server
binary regardless of what you feed it. Works fine for users that I want
to restrict to sftp access only.
My lightweight /bin/sh also chroots the user into a file transfer jail
prior to executing sftp-server. To accomplish that I had to write an LKM
to allow non-root users to chroot themselves to the jail (and only the
jail). This prevents my file transfer users from poking around the entire