[Chrootssh-users] no patches needed to allow chrooted sftp access
From: Alex K <chr...@ri...> - 2004-05-28 21:06:19
I posted a few days ago about trying to chroot a user before they are
given access to the sftp-server program. I already had the user's shell
set to be a perl script which only allowed sftp to be run (thus making
a user that can only sftp and not get shell access). I received some
good top tips. chroot is for super user only was the main problem.

I finally worked out a perl script wasn't going to do it and I
certainly wasn't going to chmod +s a perl script,
so I wrote a small C program that validates the arguments and then
chroots to a directory and sets the UID and then calls sftp-server.

Since I don't have a statically linked sftp-server I needed the
following libraries in /lib (of the chrooted environment):
lib/libexec/openssh/sftp-server
lib/libdl.so.2
lib/i686/libc.so.6
lib/ld-linux.so.2
lib/libc.so.6 <--- this is a sym link to i686/libc.so.6
lib/libresolv.so.2
lib/libutil.so.1
lib/libnsl.so.1
lib/libcrypto.so.2
lib/libcrypt.so.1
lib/libz.so.1
lib/libgssapi_krb5.so.2
lib/libcom_err.so.3
lib/libk5crypto.so.3
lib/libkrb5.so.3
The C code is appended below. Once compiled I made sure it was owned
by root and chmod +s and then set it as the user's shell.

It's currently only for one user, I could make it get the home dir of
the uid that's calling it and chroot to that pretty easily, but right
now it works just great for me and I only have one user that needs to
use it.

If you can see any big glaring problems with this solution please let
me know.

I'm posting this here in the hopes that it may help someone else.

Alex
----------------------------------------------------------------------
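#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

char *sftp = "/lib/libexec/openssh/sftp-server";

void reject(char *err)
{
    printf("This is a restricted account.\n"
           "You cannot execute anything here.\n"
           "Goodbye.\n");
    /* printf("%s\n",err); */
    (void)err;
    exit(89);
}

void chrootsftp(uid_t uid, char *dir)
{
    /* the uid is also used as the gid */
    gid_t gidlist[] = {666};
    gidlist[0] = uid;
    if (uid != getuid()) {
        reject("Can only be run by uid 1002");
    }
    /* Every step below is checked: carrying on after a failure would run
       sftp-server outside the jail or still as root. */
    if (chdir(dir) != 0 || chroot(dir) != 0) {
        reject("chroot failed");
    }
    /* also, could use initgroups instead of setgroups */
    if (setgid(gidlist[0]) != 0 ||
        setgroups(1, gidlist) != 0 ||
        setuid(gidlist[0]) != 0) {
        reject("Could not drop privileges");
    }
    execl(sftp, sftp, (char *)NULL);
    reject("exec failed"); /* only reached if execl() fails */
}

int main(int argc, char *argv[])
{
    /* sshd starts the shell as: <shell> -c <command>.
       The arguments are only checked here, never passed on to execl(). */
    if (argc != 3) {
        reject("Only two arguments allowed");
    }
    if (!strstr(argv[1], "-c") && !strstr(argv[1], "-e")) {
        reject("Illegal option");
    }
    if (!strstr(argv[2], "sftp-server")) {
        reject("This shell can only run sftp");
    }
    chrootsftp(1002, "/home/destiny");
    return 1; /* not reached: chrootsftp() either execs or exits */
}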
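
Added example, not part of Alex's post or of the chrootssh project: the chroot-and-drop step for the multi-user case the post mentions, taking the jail from the caller's passwd entry and using initgroups. The names home_is_acceptable and jail_and_exec are hypothetical, the post's argument checks are left out, and it assumes the jail holds only the lib tree listed above, which is why the account lookups run before chroot().

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define SFTP_IN_JAIL "/lib/libexec/openssh/sftp-server" /* path used in the post */

/* Hypothetical helper: absolute path, not "/", no "/.." sequence. */
int home_is_acceptable(const char *home)
{
    if (home == NULL || home[0] != '/' || home[1] == '\0')
        return 0;
    return strstr(home, "/..") == NULL;
}

/* Hypothetical helper: returns -1 on any failure, never returns on success. */
int jail_and_exec(uid_t uid)
{
    char home[4096];
    struct passwd *pw = getpwuid(uid);
    /* Refuse root and odd home directories before touching any state. */
    if (pw == NULL || pw->pw_uid == 0 || !home_is_acceptable(pw->pw_dir))
        return -1;
    if (snprintf(home, sizeof home, "%s", pw->pw_dir) >= (int)sizeof home)
        return -1;
    uid_t u = pw->pw_uid;
    gid_t g = pw->pw_gid;
    /* initgroups() reads the group database, so it runs before chroot(). */
    if (initgroups(pw->pw_name, g) != 0)
        return -1;
    if (chroot(home) != 0 || chdir("/") != 0)
        return -1;
    /* Group first, then user: after setuid() the gid can no longer be changed. */
    if (setgid(g) != 0 || setuid(u) != 0)
        return -1;
    /* The drop must be permanent: regaining root has to fail. */
    if (setuid(0) == 0 || getuid() != u || geteuid() != u)
        return -1;
    execl(SFTP_IN_JAIL, "sftp-server", (char *)NULL);
    return -1;
}

int main(void)
{
    jail_and_exec(getuid()); /* real uid of the caller; euid is root via the setuid bit */
    return 89;               /* same exit status as reject() in the post */
}
```

A caller has to exit as soon as jail_and_exec() returns, since a failure after chroot() leaves the process half-configured.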