Mail Archives: cygwin/2005/11/17/15:53:07

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2005/11/17/15:53:07

Date: Thu, 17 Nov 2005 21:52:55 +0100

From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>

To: cygwin AT cygwin DOT com

Subject: Re: Lock down CYGWIN SSH User to single directory.

Message-ID: <20051117205255.GZ3462@calimero.vinschen.de>

Reply-To: cygwin AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

References: <loom DOT 20051117T181458-376 AT post DOT gmane DOT org> <dlilp6$ekj$1 AT sea DOT gmane DOT org> <loom DOT 20051117T210349-103 AT post DOT gmane DOT org>

Mime-Version: 1.0

In-Reply-To: <loom.20051117T210349-103@post.gmane.org>

User-Agent: Mutt/1.4.2i

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm

List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>

List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>

List-Archive: <http://sourceware.org/ml/cygwin/>

List-Post: <mailto:cygwin AT cygwin DOT com>

List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>

Sender: cygwin-owner AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

Delivered-To: mailing list cygwin AT cygwin DOT com

On Nov 17 20:08, JMCColorado wrote:
> René Berber <r.berber <at> computer.org> writes:
> >   http://chrootssh.sourceforge.net/
> 
> I have heard that CHRoot might work, but I have also heard that it
> still allows someone to SCP outside of where they can SSH to.

The chroot system call only works inside Cygwin.  As soon as Windows
native tools are involved, you've lost since a chroot concept just
doesn't exist on Windows.

> I need to ensure that the user can't get anywhere but the one
> directory I want them to have access to. Unfortunately, with Windows
> giving "Everyone" access to just about everything, this seems very
> difficult to do.
> 
> Any more ideas?

As I said, as the administrator you're resonsible to set the permissions
correctly.  It's not as simple as "everyone has access".  There are
knowledge base articles and white papers from Microsoft about
controlling user access.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat, Inc.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

- Raw text -

webmaster	delorie software privacy
Copyright Š 2019 by DJ Delorie	Updated Jul 2019

Date:	Thu, 17 Nov 2005 21:52:55 +0100
From:	Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To:	cygwin AT cygwin DOT com
Subject:	Re: Lock down CYGWIN SSH User to single directory.
Message-ID:	<20051117205255.GZ3462@calimero.vinschen.de>
Reply-To:	cygwin AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
References:	<loom DOT 20051117T181458-376 AT post DOT gmane DOT org> <dlilp6$ekj$1 AT sea DOT gmane DOT org> <loom DOT 20051117T210349-103 AT post DOT gmane DOT org>
Mime-Version:	1.0
In-Reply-To:	<loom.20051117T210349-103@post.gmane.org>
User-Agent:	Mutt/1.4.2i
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Unsubscribe:	<mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com