From: Dolphin on 10 Jun 2010 04:58

Hi,

How to restrict a user to "cd" to certain directories after user sftp
into the system in Solaris 10? Correct me if I'm wrong that chroot is
able to perform this but it requires openssh to be installed. If I
were to install the openssh, what will happen to the ssh that comes
with Solaris 10? Any other way besides chroot?

Thanks in advance.

From: Doug McIntyre on 10 Jun 2010 09:25

Dolphin <yc282004(a)yahoo.com.sg> writes:
>How to restrict a user to "cd" to certain directories after user sftp
>into the system in Solaris 10? Correct me if I'm wrong that chroot is
>able to perform this but it requires openssh to be installed. If I
>were to install the openssh, what will happen to the ssh that comes
>with Solaris 10? Any other way besides chroot?

How about setting up a zone instead?

A little bit more involved than chroot, but it would be quite
effective in limiting them to just the filesystem areas you want them
to be limited to. Would be fully supported by Sun with just the stock
software installed. You'd need additional IP addresses though for this
option.

Otherwise, you could install a newer version of OpenSSH than what
Sun ships into any location and run it, either by shutting down the
Sun stock sshd and running up your version, or even running both
concurrently on a different port for your users to utilize.

From: anonymous on 10 Jun 2010 09:35

Dolphin wrote:
> Hi,
>
> How to restrict a user to "cd" to certain directories after user sftp
> into the system in Solaris 10? Correct me if I'm wrong that chroot is
> able to perform this but it requires openssh to be installed. If I
> were to install the openssh, what will happen to the ssh that comes
> with Solaris 10? Any other way besides chroot?
>
> Thanks in advance.

See an example setup at:
http://www.minstrel.org.uk/papers/sftp/builtin/

I still use the Solaris 10 ssh to log in to the physical server for
maintenance, and the above OpenSSH setup on another virtual IP address
that migrates between several servers for high availability.

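An added example, not written by any poster in this thread: a minimal sshd_config for a separately installed OpenSSH running alongside the stock Solaris sshd, as the two replies above describe. It assumes OpenSSH 4.9 or later (the first release with ChrootDirectory); the port, paths and group name are placeholders.

```conf
# sshd_config for the second, separately installed OpenSSH instance.
# Constructed example: port 2222, /export/sftp and the group "sftponly"
# are placeholders. The stock Solaris sshd keeps port 22 for admin logins.

Port 2222
PidFile /var/run/sshd-sftp.pid

# Use the SFTP server built into sshd, so the chroot needs no binaries,
# shared libraries or /dev nodes copied into it.
Subsystem sftp internal-sftp

# Applies only to members of the restricted group.
Match Group sftponly
    # %u expands to the login name. This directory and every parent
    # directory must be owned by root and not writable by group or
    # others, or sshd refuses the session.
    ChrootDirectory /export/sftp/%u

    # Ignore any command or shell the client requests; SFTP only.
    ForceCommand internal-sftp

    # Close the other ways out of the restricted area.
    AllowTcpForwarding no
    X11Forwarding no

# Because the chroot root itself is root-owned, give each user a
# writable subdirectory inside it (for example /export/sftp/<user>/upload,
# owned by that user) for uploads.
```
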
From: Hugo on 10 Jun 2010 13:26

On 10-Jun-2010, Doug McIntyre <merlyn(a)geeks.org> wrote:

> >How to restrict a user to "cd" to certain directories after user sftp
> >into the system in Solaris 10? Correct me if I'm wrong that chroot is
> >able to perform this but it requires openssh to be installed. If I
> >were to install the openssh, what will happen to the ssh that comes
> >with Solaris 10? Any other way besides chroot?
>
> How about setting up a zone instead?

Or, create the 'home' directory as empty and use symbolic links to access
those areas/files they should be able to get to (might be more work than is
worth it if this is a complicated setup).

Regards

From: Dolphin on 10 Jun 2010 18:43

On Jun 10, 9:25 pm, Doug McIntyre <mer...(a)geeks.org> wrote:
> Dolphin <yc282...(a)yahoo.com.sg> writes:
> >How to restrict a user to "cd" to certain directories after user sftp
> >into the system in Solaris 10? Correct me if I'm wrong that chroot is
> >able to perform this but it requires openssh to be installed. If I
> >were to install the openssh, what will happen to the ssh that comes
> >with Solaris 10? Any other way besides chroot?
>
> How about setting up a zone instead?
>
> A little bit more involved than chroot, but it would be quite
> effective in limiting them to just the filesystem areas you want them
> to be limited to. Would be fully supported by Sun with just the stock
> software installed. You'd need additional IP addresses though for this
> option.
>

Could you advise how to go about it, as I understood that setting up a
zone will not be able to access directories that are now in the global
zone.

> Otherwise, you could install a newer version of OpenSSH than what
> Sun ships into any location and run it, either by shutting down the
> Sun stock sshd and running up your version, or even running both
> concurrently on a different port for your users to utilize.