Got it - I needed the patch to openssh 5.1p1 (which'll hopefully be
rolled into future versions) to enable parameters to the 'ForceCommand
internal-sftp' in the link mentioned earlier:
http://lists.mindrot.org/pipermail/o...st/026781.html
And on Solaris 10 x86 using syslog-ng, all I needed was the existence
of the /dev/conslog device file in the chroot jail (writeable by the
chroot user as well).
Perms are quite tricky too.
Create the device file:
% ls -lL /dev/conslog
crw-rw-rw- 1 root sys 21, 0 Jun 5 14:36 /dev/conslog
% mkdir /export/home/chrootuser/dev
% mknod /export/home/chrootuser/dev/conslog c 21 0
Set perms:
% chown root:chrootusergroup /export/home/chrootuser /export/home/chrootuser/dev /export/home/chrootuser/dev/conslog
% chmod 710 /export/home/chrootuser /export/home/chrootuser/dev
% chmod 660 /export/home/chrootuser/dev/conslog
Now my main problem is the start directory. Because the top of the
jail needs to be mode 750 (I may be able to do away with this by not
using strict modes in ssh) I need to set a start directory for the
sftp user. This will hide the dev directory as well. Figuring out how to
do this.
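
Added example, not part of the original post: a small audit that re-checks the jail layout produced by the commands above (710 on the jail top and its dev directory, 660 on the device node, and the node's major/minor numbers matching the host device). The function names and the JAIL, OWNER, GROUP and REFDEV arguments are assumptions of this sketch; the modes and paths are the ones shown in the post.

```shell
#!/bin/sh
# Added example (not from the original post): audit a chroot jail laid out by
# the commands above. Modes 710/660 come from the post; the function names and
# the JAIL/OWNER/GROUP/REFDEV arguments are assumptions of this sketch.

# perm_of PATH -> "<10-char mode string> <owner> <group>", parsed from ls -ld
# (ls -ld does not follow symlinks, so a symlink in the jail shows up as 'l').
perm_of() {
    ls -ld "$1" 2>/dev/null | awk '{ print substr($1, 1, 10), $3, $4 }'
}

# devnum PATH -> "<major>, <minor>" for a device node, empty for anything else
devnum() {
    ls -ldL "$1" 2>/dev/null | awk '$1 ~ /^[bc]/ { print $5, $6 }'
}

# check PATH MODE OWNER GROUP -> prints a FINDING line and returns 1 on mismatch
check() {
    got=$(perm_of "$1")
    [ "$got" = "$2 $3 $4" ] && return 0
    echo "FINDING: $1 is '${got:-missing}', expected '$2 $3 $4'"
    return 1
}

# audit_jail JAIL OWNER GROUP [REFDEV] -> returns 0 only if every check passes
audit_jail() {
    jail=$1; owner=$2; group=$3; ref=${4:-/dev/conslog}
    node=$jail/dev/${ref##*/}
    rc=0
    check "$jail"     "drwx--x---" "$owner" "$group" || rc=1
    check "$jail/dev" "drwx--x---" "$owner" "$group" || rc=1
    check "$node"     "crw-rw----" "$owner" "$group" || rc=1
    want=$(devnum "$ref"); have=$(devnum "$node")
    if [ -z "$want" ] || [ "$want" != "$have" ]; then
        echo "FINDING: $node is device '${have:-none}', $ref is '${want:-none}'"
        rc=1
    fi
    return $rc
}

# Usage: sh audit.sh /export/home/chrootuser root chrootusergroup
if [ "$#" -ge 3 ]; then
    audit_jail "$@"
fi
```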