On Mar 12 06:40, Peter Board via Cygwin wrote:
> Hi Cygwin Developers,
>
> In the source code for the session.c Cygwin is using the standard
> OpenSSH source code, which checks for both the user ID of 0 and a
> permissions for who can write to the new folder.
> Chroot mounting test that I can't get Cygwin to pass
> if (st.st_uid != 0 || (st.st_mode & 022) != 0)
>
> I have tried mapping the SYSTEM user and Group via the \etc\passwd and
> \etc\group files, but I am unable to get a successful setting that
> will allow Chroot.exe or \etc\sshd_config directive for rehoming an
> SFTP connection to work.

You know that you have to copy executables and DLLs to be inside the
chroot "jail" (but see below)?

> Match User username
> ChrootDirectory F:\sftproot

Don't use Windows paths. Use Cygwin POSIX paths. No drive letter and
forward slashes.

> ForceCommand internal-sftp
>
> In the MS OpenSSH source code, they have switched Windows to just
> doing a basic directory exists check. Would it be possible to
> implement the same check in the Cygwin source code so that sftp root
> rehoming works again? I believe it was broken after OpenSSH 8.6 from
> my research, I have an older Cygwin setup based on OpenSSH 8.3 and the
> Chroot directive for SFTP root rehoming works fine.

chroot(2) is not really supported. It was never more than a shallow
experimental emulation keeping track of the chroot dir, and it never
worked as desired.

We gave up on the chroot emulation and only keep it in for backward
compatibility. Don't use it. It only gives a false sense of security.

A chroot jail is not supported by the underlying Windows, and the chroot
in Windows SSH is just a bad fake either.

Corinna

-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple