Re: File Permissions not working in chroot environment? (SSH2 on Linux)

From: all mail refused (elvis@notatla.demon.co.uk)
Date: 03/27/03

    From: elvis@notatla.demon.co.uk (all mail refused)
    Date: Thu, 27 Mar 2003 21:56:08 +0000 (UTC)
    
    

    In article <b5vk0i$1mb$00$1@news.t-online.com>, Merten Schueler wrote:
    >Hi,
    >
    >I have just installed the non-commercial version SSH2 (3.2.0) on my SuSE
    >Linux 8.0 Machine. I have set up a chrooted environment to allow users to
    >do SFTP transfers to their home dirs, using the ssh-dummy-shell.
    >
    >Everything works fine, except one problem: File permissions seem to have
    >no effect. If I create a file as root with permissions set to 600 in the
    >user's home dir, that user may delete it via the SFTP Client.
    >
    >What am I doing wrong, is there a way to prevent this?

    The ability to delete a file comes from the write permission on the directory
    holding it - nothing to do with the file's own owner and mode. If these users
    are not supposed to have interactive logins perhaps root should be the owner
    of their home directories.

    If you feel like something more exotic you could patch the kernel to have
    different behaviour (such as ban sys_unlink()) if the current process's
    root is not the root of init.

    -- 
    decoy mail addresses: obtain username via 0x4f/tcp or 0x50/tcp
    I don't use: mpeti_ka15@rediffmail.com sales@licaplast.com
                 stopmail100@emailacc.com  sir_nat_the_brat@hotmail.com
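
The rule in the reply above, modelled as an added example (not part of the original post): deletion is decided by the parent directory's owner and mode, never by the file's mode. The names `St`, `has_perm`, `can_unlink`, `can_unlink_path` and the uids/gids are constructed for illustration; the sticky-bit branch goes beyond the post to cover the general rule, and ACLs, immutable attributes and non-root capabilities are ignored.

```python
import os
import stat
from collections import namedtuple

# Stand-in for os.stat_result so the rule can be run on constructed values.
St = namedtuple("St", "st_mode st_uid st_gid")

def has_perm(st, uid, gids, want):
    """True if the caller holds every bit in `want` (r=4, w=2, x=1) on st."""
    if uid == 0:
        return True                       # root bypasses mode-bit checks
    if uid == st.st_uid:
        bits = (st.st_mode >> 6) & 7      # owner class only
    elif st.st_gid in gids:
        bits = (st.st_mode >> 3) & 7      # group class only
    else:
        bits = st.st_mode & 7             # other class
    return bits & want == want

def can_unlink(dir_st, file_st, uid, gids=()):
    """Decide whether uid may remove an entry from the directory.

    The file's own mode is never consulted, only the directory's.
    """
    if not has_perm(dir_st, uid, gids, 2 | 1):   # write + search on the directory
        return False
    if dir_st.st_mode & stat.S_ISVTX and uid != 0:
        # Sticky directory: only the file's or the directory's owner may delete.
        return uid in (file_st.st_uid, dir_st.st_uid)
    return True

def can_unlink_path(path, uid, gids=()):
    """Same check against a real file, using lstat on it and on its parent."""
    parent = os.path.dirname(os.path.abspath(path))
    return can_unlink(os.lstat(parent), os.lstat(path), uid, gids)

# Constructed sample: uid 1001 is the SFTP user, uid 0 is root.
ROOT_FILE = St(stat.S_IFREG | 0o600, 0, 0)
CASES = {
    "home owned by user, 0755": St(stat.S_IFDIR | 0o755, 1001, 100),
    "home owned by root, 0755": St(stat.S_IFDIR | 0o755, 0, 0),
    "root-owned sticky dir, 1777": St(stat.S_IFDIR | 0o1777, 0, 0),
}

def report(uid=1001, gids=(100,)):
    return {name: can_unlink(d, ROOT_FILE, uid, gids) for name, d in CASES.items()}

if __name__ == "__main__":
    for name, ok in report().items():
        print(f"{name}: user may delete root's 0600 file -> {ok}")
```

`can_unlink_path` applies the same check to real paths, for example to each file root has placed in a chrooted home directory.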
    
