Hi eryone, I'm new here. Since I'm a graphic designer and not an admin, I need to learn a lot from the first step, so please be patient with me. Most of my skills are self taught with howtos, so there might be some lack of wisdom in basics. I've setup a Suse-System (9.3) with a few upload functions for customers of our small company.
Ok my Problem is... one of our cusotmers asked me to give him an SFTP upload for some test data. I already setup a user and login and upload works fine with SFTP.
But now the user has access to my whole filesystem (don't want that) and i found that chroot for the user might solve my problem.
My ssh Version is 3.9 and doesn't support chroot, so I've been looking for a howto or something that helps me to update my Openssh to a newer Version which supports chroot. I spend 3 hours reading without a solution and stranded here.
Any ideas where i might find a howto for this update or any other suggestion how i can lock a user in one folder?
SUSE 9.3 is fairly old now. Have you checked repositories for the packages? Have you considered updating the system? There are probably other packages that have bugs or flaws that could become an issue. You could always download the source and package an rpm yourself, however.
Thanks for your reply. Since the Problem was hasty I decided to setup a second server with OpenSuse. This worked fine and my chrooted sftp Login works already.
I know that updating the system is necessary, but there are quite a few users and different services on the system. I fear that updating might chaos my upload server and this could be fatal for my company.
However I decided to use the OpenSuse System as backup for my 9.3 and when the new system is installed with everything needed I will try to upgrade the 9.3 to lock the security issues. Since I do this work along my regular stuff it sometimes gets out of sight.
Do you think updating might be a solution or is a complete new installation the best option?
I would recommend a side by side migration. Alternately, you could try to put a virtualized environment into place on the 9.3 server. If you used a second virtual disk container on the host as the place where the files are saved, you could mount that virtual disk as a loopback device and then see the files. It would work similarly to a chrooted environment.
Essentially, it would be like this:
Host (9.3) with 2 virtual disks A and B
A holds the OS of OpenSUSE 11.x
B holds the file system where the SFTP is located
Host mounts disk B to /usr/local/dropbox (example only) [read only]
Your remote user connnects to the virtual server, your local users can connect to the 9.3 server. eventually, you can just migrate the virtual server using any host you wish, even an opensuse 11.x box itself with minimal downtime
the only difference is, the server itself is virtualized.
Most of my skills are self taught with howtos, so there might be some lack of wisdom in basics. I've setup a Suse-System (9.3) with a few upload functions for customers of our small company.