Mailing List Archive

Protecting a file in internal-sftp jail (chroot)
Hi all,

I made a jail using internal-sftp (Debian Lenny 5.0.3 / OpenSSH
5.1p1). I followed the steps found at
http://www.debian-administration.org/articles/590 and it is working
fine. But I have a little problem. I am using this process to give
users access to put files in directories in /var/www (Apache), and
each directory has a .htaccess to force a password for access from a
browser.

My problem is: the jail user can delete the .htaccess file and I need
to prevent it. But, in jail, the user has root power.

Final question: how can I protect a file in a jail made using
internal-sftp?

Thanks a lot in advance.

Regards,

Eriberto - Brazil
Re: Protecting a file in internal-sftp jail (chroot)
Eriberto wrote:
> Hi all,
>
> I made a jail using internal-sftp (Debian Lenny 5.0.3 / OpenSSH
> 5.1p1). I followed the steps found at
> http://www.debian-administration.org/articles/590 and it is working
> fine. But I have a little problem. I am using this process to give
> users access to put files in directories in /var/www (Apache), and
> each directory has a .htaccess to force a password for access from a
> browser.
>
> My problem is: the jail user can delete the .htaccess file and I need
> to prevent it. But, in jail, the user has root power.
>
> Final question: how can I protect a file in a jail made using
> internal-sftp?
>
> Thanks a lot in advance.

What about moving the directives in .htaccess into Apache configuration
file(s)?

That is faster anyway.

Regards
Racke


--
LinuXia Systems => http://www.linuxia.de/
Expert Interchange Consulting and System Administration
ICDEVGROUP => http://www.icdevgroup.org/
Interchange Development Team
Re: Protecting a file in internal-sftp jail (chroot)
Eriberto,

If your filesystem supports it you can use the extended attribute immutable:

chattr +i .htaccess

So nobody should be able to modify the file.

Seb

Eriberto wrote:
> Hi all,
>
> I made a jail using internal-sftp (Debian Lenny 5.0.3 / OpenSSH
> 5.1p1). I followed the steps found at
> http://www.debian-administration.org/articles/590 and it is working
> fine. But I have a little problem. I am using this process to give
> users access to put files in directories in /var/www (Apache), and
> each directory has a .htaccess to force a password for access from a
> browser.
>
> My problem is: the jail user can delete the .htaccess file and I need
> to prevent it. But, in jail, the user has root power.
>
> Final question: how can I protect a file in a jail made using
> internal-sftp?
>
> Thanks a lot in advance.
>
> Regards,
>
> Eriberto - Brazil
>
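
A way to check that the chattr +i suggestion above is actually in effect, as an added example that is not part of the original thread. It assumes one subdirectory per site directly under the web root; the function names htaccess_status and audit_webroot are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread): audit .htaccess protection under a
# web root. Assumption: each site is an immediate subdirectory of the root.
# Usage after sourcing this file: audit_webroot /var/www

# Print one status word for the .htaccess in directory $1:
#   MISSING    no .htaccess file (e.g. the jailed user deleted it)
#   IMMUTABLE  lsattr reports the 'i' flag set by "chattr +i"
#   MUTABLE    lsattr works but the flag is not set
#   UNKNOWN    lsattr is unavailable or the filesystem has no attribute support
htaccess_status() {
    f="$1/.htaccess"
    [ -f "$f" ] || { echo MISSING; return 0; }
    # lsattr prints "<flags> <path>"; on failure treat the output as empty.
    out=$(lsattr -d -- "$f" 2>/dev/null) || out=""
    flags=${out%% *}
    case "$flags" in
        "")  echo UNKNOWN ;;
        *i*) echo IMMUTABLE ;;   # lowercase 'i' is the immutable flag
        *)   echo MUTABLE ;;
    esac
}

# Print "STATUS path" for every site directory under web root $1.
# Returns non-zero if any directory lacks an immutable .htaccess,
# so the function can drive a cron job or monitoring check.
audit_webroot() {
    rc=0
    for d in "$1"/*/; do
        [ -d "$d" ] || continue      # glob matched nothing
        d=${d%/}
        s=$(htaccess_status "$d")
        printf '%s %s\n' "$s" "$d"
        [ "$s" = IMMUTABLE ] || rc=1
    done
    return $rc
}
```

Setting or clearing the flag requires root on the server, so an administrator has to run chattr -i before editing a protected .htaccess and chattr +i again afterwards.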