Regular Debian admin here, I am faced with a complex situation and would appreciate your advice...
I have a server with a chroot environment that has been working without problems up to now:
Chroot user: store
Chroot path: /home/store
I have in this chroot environment all the files (lib, bin, usr, etc.) required for the chroot to work.
On this chroot, I have several jailed FTP / FTPS (explicit) accounts that are working correctly. Each jailed FTP is in /home/store/home/store/partners/xxxxxx (where xxxxxx is the name of the partner).
In each jailed FTP I have two folders: data (listing possible) and photos (not listable).
Photos is a unique directory mounted from fstab for each partner inside the chroot environment, allowing RETR commands in FTP for each partner.
The problem is: I have a partner that must, for security reasons, access the data via SFTP (FTP over SSH).
To resolve this problem, I've chrooted a new user (let's say ALDA) to /home/store/home/store/partners/ALDA and installed all the necessary files for it to work (bin, etc, lib). The user does access its chrooted content via SFTP, but he can access all the bin/, lib/ and etc/ folders that are needed for the chroot, and which I managed to hide in FTPS.
Luckily, the write restrictions are working and the user can make no modifications to files or dirs, but the user can list/retrieve all content...
1st question: How can I restrict access/visibility to all the chroot environment files other than the DATA and PHOTOS folders?
2nd question: In SFTP, the user can list the whole mounted photo directory and parse its content... How can I totally block all listing of this specific folder, but allow all "get" commands when the exact path is given?
Thanks for your valuable time and advice.
Tdldp
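As an added example (not part of the original post), one way to address both questions with OpenSSH: the `internal-sftp` subsystem runs inside sshd, so the jail needs no bin/, lib/ or etc/ at all, and a `photos/` directory with mode 0711 can be traversed by exact path but not listed. It assumes OpenSSH with `internal-sftp`, GNU coreutils `stat`, and the user name and path from the post; the `setup_layout` function must be run as root.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes OpenSSH with the
# internal-sftp subsystem, GNU coreutils stat, and the poster's user/path.
CHROOT=/home/store/home/store/partners/ALDA   # path from the post
SFTP_USER=ALDA                                # user from the post

# sshd_config Match block. internal-sftp runs inside sshd itself, so the
# jail needs no bin/, lib/ or etc/ copies: there is nothing left to hide.
sshd_match_block() {
    cat <<EOF
Match User $SFTP_USER
    ChrootDirectory $CHROOT
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
EOF
}

# Jail layout (run as root). sshd rejects a ChrootDirectory unless every
# path component is root-owned and not group/world-writable. photos/ is
# the fstab mount point: chmod it after mounting, since the mounted
# filesystem's root directory supplies the effective mode.
setup_layout() {
    mkdir -p "$CHROOT/data" "$CHROOT/photos"
    chown root:root "$CHROOT" && chmod 0755 "$CHROOT"
    chown "$SFTP_USER" "$CHROOT/data" && chmod 0755 "$CHROOT/data"
    chown root:root "$CHROOT/photos" && chmod 0711 "$CHROOT/photos"
}

# Octal mode string of a path, e.g. 711 (GNU stat).
mode_of() { stat -c '%a' "$1"; }

# True when neither group nor others may write (the writability half of
# sshd's ChrootDirectory rule; root ownership is checked by sshd at login).
not_group_world_writable() {
    case $(mode_of "$1") in
        *[2367]?|*[2367]) return 1 ;;
    esac
    return 0
}

# True when group and others have x but neither r nor w (mode x11): the
# user can fetch a file by exact path, but listing the directory fails,
# which is what the second question asks for.
is_traverse_only() {
    case $(mode_of "$1") in
        *11) return 0 ;;
    esac
    return 1
}
```

Restart sshd after adding the Match block and test with `sftp ALDA@host`; `ls photos` should fail while `get photos/<known-name>` succeeds.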