On Mon, Nov 27, 2006 at 03:36:17PM +0100, Ingo Schwarze wrote:
> Jim Razmus wrote on Sun, Nov 26, 2006 at 07:41:42PM -0500:
> > Ingo Schwarze <[EMAIL PROTECTED]> [061125 18:51]:
> >> Jim Razmus wrote:
>
> >>> Anyone have a clever hack to get sftp chroot'ed too?
> >>
> >> In my original post to this thread, i mentioned
> >> http://sublimation.org/scponly/wiki
> >> Disclaimed: I neither tested nor audited scponly.
> >> A port has just been submitted to ports@ (not by me).
> >
> > Sorry, I meant in conjunction with ForceCommand.
>
> And without any additional helper binary like scponly,
> if i understand your intention correctly?
>
> I deem that rather improbable.
> Still, i neither claim it's impossible to do right nor do i think
> your question is completely unreasonable.
In fact, I suppose systrace might do this without requiring you to hack
up very much at all. It wouldn't actually chroot sftp-server, but
preventing any file system activity outside of /home would go a long
way.
Joachim
