2006-02-02 03:15:05 UTC
i have a client who, several months ago, needed a chroot'ed sftp service on his machine to allow some of his clients to upload graphics, but obviously he (and i) didn't want the client to have access to the rest of his server. i ended up using a program called "scponly" to set up the service- it changes the userid's login shell to a program that disallows anything which isn't related to scp or sftp, and can be made to run within a chroot environment just as chrootssh can (the separator in the home directory is "//" instead of "/./" but that's the only difference.)
http://www.sublimation.org/scponly/ is the web page for "scponly", if anybody is interested.
while setting this up for the client, i wrote a perl script to run "ldd" on the binaries and come up with a list of the libraries which were needed in the jail, as well as any libraries needed by the libraries themselves.
i just found the chrootssh program by reading this article, which is basically a HOWTO document which walks through setting up chrootssh.
http://www.howtoforge.com/chrooted_ssh_howto_debian
while reading the article it occurred to me that the script i had written for this client's server might be useful to others... so i've pulled it out of retirement, dusted it off, slapped a GPLv2 notice on it, and put it on my web site.
http://www.jms1.net/code/#mkjail
let me know if you find it useful, have problems with it, or just want to say hello.
