According to release notes, RHEL 5.4 included an update to set up chrooted SFTP accounts natively. But from what I am seeing, it is all or nothing. This means that even root is chrooted if you go this route.
Has anybody used this successfully? How did you configure it so that you could still do sysadmin tasks, if root is chrooted?
Thanks-
Josh
I just built the tarballs from openssh.org for our RHEL5 boxes. Current OpenSSH has this chroot functionality built in and it's pretty easy to set up.
I think the RPMs from openssh.org even have a template spec file, so rebuilding an RPM is easy as pie too.
This article describes how to build an RPM for CentOS 5 of a recent version of OpenSSH.
One possibility is to set the root user home directory (or whoever the admin users are) to "/". I don't know what the downsides to this approach are, but it seems to work.
In my case, I'm considering setting
sshd_config:
passwd:
Then, 'joe' will have a subfolder in /var/www that he has access to.
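Added example, not from any poster in this thread: a shell check that reports whether `ChrootDirectory` in an sshd_config is set globally, where it applies to every account including root, or inside a `Match` block, where it applies only to matching logins. It assumes an sshd build that supports `Match`; the group name `sftponly` and both sample configs are constructed for illustration.

```shell
#!/bin/sh
# chroot_scope: read an sshd_config on stdin and print one line per
# ChrootDirectory directive, saying whether it is global or tied to a Match.
# Handles the usual whitespace-separated "Keyword value" form; keywords are
# matched case-insensitively.
chroot_scope() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
        { key = tolower($1) }
        key == "match" {                       # everything after this line is
            $1 = ""; sub(/^ +/, "")            # conditional on the criteria
            scope = (tolower($0) == "all") ? "" : $0
            next
        }
        key == "chrootdirectory" {
            found = 1
            if (scope == "") print "global " $2
            else             print "match[" scope "] " $2
        }
        END { if (!found) print "none" }
    '
}

# Constructed sample: chroot set at top level, so every login is confined.
sample_global() {
    printf '%s\n' \
        'Subsystem sftp internal-sftp' \
        'ChrootDirectory /var/www' \
        'ForceCommand internal-sftp'
}

# Constructed sample: chroot limited to members of a hypothetical group
# "sftponly"; accounts outside the group (root, admins) keep a normal shell.
sample_scoped() {
    printf '%s\n' \
        'Subsystem sftp internal-sftp' \
        '' \
        '# SFTP-only accounts' \
        'Match Group sftponly' \
        '    ChrootDirectory /var/www' \
        '    ForceCommand internal-sftp' \
        '    AllowTcpForwarding no'
}

echo "top-level config: $(sample_global | chroot_scope)"
echo "scoped config:    $(sample_scoped | chroot_scope)"
```

On a real host, feed it the live file with `chroot_scope < /etc/ssh/sshd_config`. sshd also requires the chroot directory and every parent component to be owned by root and not writable by group or others, so a user's writable area has to be a subdirectory inside the chroot.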