Limitations of using ChrootDirectory to restrict a user's root directory for SFTP over SSH on Linux: not of much use
2013-03-28 16:49
ChrootDirectory
Specifies the pathname of a directory to chroot(2) to after
authentication. All components of the pathname must be root-
owned directories that are not writable by any other user or
group. After the chroot, sshd(8) changes the working directory
to the user's home directory.
The pathname may contain the following tokens that are expanded
at runtime once the connecting user has been authenticated: %% is
replaced by a literal '%', %h is replaced by the home directory
of the user being authenticated, and %u is replaced by the
username of that user.
The ChrootDirectory must contain the necessary files and
directories to support the user's session. For an interactive
session this requires at least a shell, typically sh(1), and
basic /dev nodes such as null(4), zero(4), stdin(4), stdout(4),
stderr(4), arandom(4) and tty(4) devices. For file transfer
sessions using ``sftp'', no additional configuration of the
environment is necessary if the in-process sftp server is used,
though sessions which use logging do require /dev/log inside the
chroot directory (see sftp-server(8) for details).
The default is not to chroot(2).
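Going by what it says above,
the simple requirement of assigning different directories of a single website to different users to manage cannot be met, and for a website it also produces a lot of unnecessary files.
I don't quite understand: are the requirements people have online really that simple? Why is everyone so keen on this configuration?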
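The ownership rule and the token expansion from the man page text quoted above, as an added example (not part of the original post and not sshd's own code): a Python check that expands %%, %h and %u and then reports every path component that is not a root-owned directory or is writable by group or other. The function names and the injectable stat_fn parameter are assumptions made for this example.

```python
import os
import stat
import sys
from pathlib import PurePosixPath


def expand_tokens(template, user, home):
    """Expand the %%, %h and %u tokens listed in the ChrootDirectory text."""
    table = {"%": "%", "h": home, "u": user}
    out, i = [], 0
    while i < len(template):
        if template[i] == "%" and i + 1 < len(template):
            if template[i + 1] not in table:
                raise ValueError(f"token %{template[i + 1]} is not handled here")
            out.append(table[template[i + 1]])
            i += 2
        else:
            out.append(template[i])
            i += 1
    return "".join(out)


def check_chroot(template, user, home, stat_fn=os.stat):
    """Return (path, problem) pairs for components that break the stated rule."""
    target = PurePosixPath(expand_tokens(template, user, home))
    if not target.is_absolute():
        return [(str(target), "not an absolute path")]
    problems = []
    # Walk from "/" down to the target: every component must pass, not just the last.
    for comp in [*reversed(target.parents), target]:
        try:
            st = stat_fn(str(comp))
        except OSError as exc:
            problems.append((str(comp), f"cannot stat: {exc}"))
            break
        if not stat.S_ISDIR(st.st_mode):
            problems.append((str(comp), "not a directory"))
        if st.st_uid != 0:
            problems.append((str(comp), f"owned by uid {st.st_uid}, not root"))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append((str(comp), "writable by group or other"))
    return problems


if __name__ == "__main__":
    # Usage with constructed values: script.py /srv/sftp/%u alice /home/alice
    for path, problem in check_chroot(*sys.argv[1:4]):
        print(f"{path}: {problem}")
```

An empty result means every component from / down to the expanded path satisfies the ownership and mode rule; any directory the user must write to therefore has to sit below the chroot directory, not be the chroot directory itself.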