mycroes Tux's lil' helper
Joined: 26 May 2003 Posts: 110 Location: Netherlands
Posted: Mon May 21, 2007 2:46 pm
My jails would've been located in /home/username. I know that noexec would break them, so going without jails is perhaps more secure because I don't have to worry about any users being able to write anywhere with execute privileges. I use sftp to have clients upload their website...
Regards,
Michael
_________________
In a world without walls or fences we don't need windows or gates

humbletech99 Veteran
Joined: 26 May 2005 Posts: 1229 Location: London
Posted: Mon May 21, 2007 5:05 pm
err, there is a very good reason to chroot sftp, otherwise they can enumerate all users, look around in your system, steal files etc.
You'd have to do a lot of work to stop them and not all of this is stoppable without breaking your server, hence the chroot requirement.
_________________
The Human Equation:
value(geeks) > value(mundanes)

mycroes Tux's lil' helper
Joined: 26 May 2003 Posts: 110 Location: Netherlands
Posted: Mon May 21, 2007 5:52 pm Post subject: What if...
I don't mind them enumerating users, users will need a private key to log in anyway, so no matter how many users they enumerate, it doesn't make a difference... As for 'stealing files', I don't mind if they steal libraries and binaries, they're compiled from GPL source (at least most of them) so I wouldn't call that stealing... And they're clients. As soon as I notice anything fishy is going on they can say goodbye to their account... And last but not least, chrooting sftp won't prevent them from using php to snoop around in the system...
Regards,
Michael
_________________
In a world without walls or fences we don't need windows or gates

humbletech99 Veteran
Joined: 26 May 2005 Posts: 1229 Location: London
Posted: Mon May 21, 2007 7:02 pm
you underestimate the potential.
but I guess it might end up being too much work for you especially if you have to apache and php as well.
anyway, do what you want, that's fine.
_________________
The Human Equation:
value(geeks) > value(mundanes)

chrisk2305 Tux's lil' helper
Joined: 05 Sep 2007 Posts: 110
Posted: Wed Sep 05, 2007 11:22 am
Hi Guys!
I'm kinda new to (Gentoo) Linux and I'm running into problems with the tutorial. I'm running Gentoo AMD64.
I also got the connection closed error when I tried to log in from the shell (or WinSCP).
Then I started logging and here's the error:
Code:
Sep 5 12:49:29 fileserver sshd(pam_unix)[9352]: session opened for user oneuser by (uid=0)
Sep 5 12:49:29 fileserver sshd[9352]: subsystem request for sftp
Sep 5 12:49:29 fileserver rssh[9353]: setting log facility to LOG_USER
Sep 5 12:49:29 fileserver rssh[9353]: allowing scp to all users
Sep 5 12:49:29 fileserver rssh[9353]: allowing sftp to all users
Sep 5 12:49:29 fileserver rssh[9353]: setting umask to 022
Sep 5 12:49:29 fileserver rssh[9353]: chrooting all users to /home
Sep 5 12:49:29 fileserver rssh[9353]: chroot cmd line: /usr/lib64/misc/rssh_chroot_helper 2 "/usr/lib64/misc/sftp-server"
Sep 5 10:49:29 fileserver rssh_chroot_helper[9353]: new session for oneuser, UID=1002
Sep 5 10:49:29 fileserver rssh_chroot_helper[9353]: user's home dir is /home/oneuser
Sep 5 10:49:29 fileserver rssh_chroot_helper[9353]: chrooted to /home
Sep 5 10:49:29 fileserver rssh_chroot_helper[9353]: changing working directory to /oneuser (inside jail)
Sep 5 10:49:29 fileserver rssh_chroot_helper[9353]: execv() failed, /usr/lib64/misc/sftp-server: No such file or directory
Sep 5 12:49:29 fileserver sshd(pam_unix)[9352]: session closed for user oneuser
Don't quite get it, because the /usr/lib64/misc/sftp-server file/folder exists?!
Plz help me, thx!

humbletech99 Veteran
Joined: 26 May 2005 Posts: 1229 Location: London
Posted: Wed Sep 05, 2007 3:58 pm
am I right in reading you have chrooted to just /home?
noob, get a clue, go read some docs on how chroots work. You should not be chrooting to /home.
Hint: Does /home/usr/lib64/misc/sftp-server exist?
_________________
The Human Equation:
value(geeks) > value(mundanes)
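
The execv() failure in the log above follows from path resolution after chroot: with the jail at /home, /usr/lib64/misc/sftp-server is looked up as /home/usr/lib64/misc/sftp-server. The check below is an added example, not part of any post in this thread; `jail_missing` is a hypothetical helper name, and it reports which files a jail still lacks for a given binary before chroot is enabled.

```shell
# Added example: list what execv() will not find once the process is chrooted.
# jail_missing JAIL BINARY  (hypothetical helper name)
# Prints each path missing under JAIL and returns 1 if any is missing.
jail_missing() {
    jail=${1%/}
    bin=$2
    missing=0
    # After chroot(JAIL), BINARY is looked up as JAIL + BINARY on the real filesystem.
    if [ ! -x "$jail$bin" ]; then
        echo "missing in jail: $jail$bin"
        return 1
    fi
    # The ELF loader and shared libraries must resolve inside the jail too; a
    # missing loader gives the same "No such file or directory" from execv().
    # Only run ldd on binaries you installed yourself: it may execute its argument.
    if command -v ldd >/dev/null 2>&1; then
        for lib in $(ldd "$jail$bin" 2>/dev/null | grep -o '/[^ ]*'); do
            [ -e "$jail$lib" ] || { echo "missing in jail: $jail$lib"; missing=1; }
        done
    fi
    return $missing
}

# Constructed demo: an empty temporary directory stands in for the jail.
demo_jail=$(mktemp -d)
jail_missing "$demo_jail" /usr/lib64/misc/sftp-server || echo "populate the jail before chrooting to it"
rm -rf "$demo_jail"
```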