-1

I have a java application in /usr/local that keeps writing to a text file on a daily basis. I need a particular user to be able to read this file. What is the best way to do that? I have recently read a lot about chroot/jailkit, including this question -- is chroot a good way to handle it?

newbie14
  • 217
  • What do you expect from your chroot-jail here (what are the restrictions you want to enforce)? Should the user be able to log in (by ssh?), or should he just be able to sftp the log-file to his client? – Nils Dec 14 '11 at 19:49
  • @nils I would not allow the user ssh but just sftp to view/download the text files. So how should I go about this setting? Must I install rssh or any extra modules? – newbie14 Dec 15 '11 at 07:33

1 Answer

1

Look at the man-page for sshd_config. Use a chroot-jail and the "internal" sftp-setting. This reduces what needs to be in the chroot-jail to a few devices - no binaries and no libraries are needed there in sftp-internal mode.

I think the devices were null, random, urandom and some ttys.

/path/to/your/chroot/

There you need the dev/ subdirectory and the mentioned devices (use mknod to create them just the same way they exist in /dev/).

Put the public key of your user to /home/yourchrootuser/.ssh/authorized_keys.

SSHD will first evaluate that key, then switch to the chrooted environment.

Nils
  • 18,492
  • The problem is that some old versions do not support the match and force command. So for those cases, what is your best option to go about with chroot? So according to your steps, first I create a user, then move him to another folder, is that it? Then copy the dev folder only into it, am I right? Please correct me. – newbie14 Dec 16 '11 at 16:09
  • I think you are approaching this too complicated. Use sshd which is part of CentOS. No need for anything else. SSHD has an option to enable the chroot-jail. I just tried to describe how it works. man sshd_config: Read the section "ChrootDirectory"! – Nils Dec 16 '11 at 21:18
  • Yes, you are kind of right, I am mixing too many things up and have confused myself totally. I will follow your instructions step by step. Yes, I have read man sshd_config ChrootDirectory and created a new user as user1. So under home I got /home/user1. What is my next step? Copy the whole dev folder into /home/user1, is it? – newbie14 Dec 17 '11 at 05:26
  • cd ~user1 && mkdir .ssh && chown user1 .ssh && chmod og=- .ssh && cd .ssh, then put the public key for that user into the authorized_keys file in that directory.

    Next create a chroot-directory. That may be anywhere on your server - do NOT use the home-directory of the user.

    – Nils Dec 17 '11 at 20:47
  • I have done all these steps: cd ~user1 && mkdir .ssh && chown user1 .ssh && chmod og=- .ssh && cd .ssh. I am confused: cd ~user1 gets me into /home/user1, so you asked me not to put it in the home-directory, right? Next, where do I find the public key, and where will it be stored? – newbie14 Dec 18 '11 at 09:32
  • Can you guide me on what the next steps are? – newbie14 Dec 19 '11 at 02:49
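
One way to check a candidate chroot directory before pointing sshd at it, as an added example that is not part of the original answer or comments: sshd requires every component of the ChrootDirectory path to be a root-owned directory that is not writable by group or others. The function names and the OWNER_UID override are assumptions of this example; user1 and /path/to/your/chroot are the page's placeholders.

```shell
#!/bin/sh
# Added example (not from the original answer): pre-flight check for an
# sshd ChrootDirectory. sshd ends the session unless every component of the
# path is a directory owned by root and not writable by group or others,
# which a user's own home directory normally does not satisfy.
#
# sshd_config fragment this goes with (user1 and the path are the page's
# placeholders):
#   Subsystem sftp internal-sftp
#   Match User user1
#       ChrootDirectory /path/to/your/chroot
#       ForceCommand internal-sftp

# check_component DIR [OWNER_UID]: test one directory. OWNER_UID defaults to
# 0 (root); the override is an assumption of this example so the logic can
# be exercised without root.
check_component() {
    dir=$1 want_uid=${2:-0}
    if [ ! -d "$dir" ]; then
        echo "$dir: not a directory"; return 1
    fi
    # ls -ldnL prints "mode links uid gid ..." for the directory itself.
    set -- $(ls -ldnL "$dir" | awk '{print $1, $3}')
    mode=$1 uid=$2 bad=0
    [ "$uid" = "$want_uid" ] || { echo "$dir: owner uid $uid, want $want_uid"; bad=1; }
    case $mode in ?????w*) echo "$dir: group-writable ($mode)"; bad=1 ;; esac
    case $mode in ????????w*) echo "$dir: world-writable ($mode)"; bad=1 ;; esac
    return $bad
}

# check_chroot_path PATH [OWNER_UID]: walk from PATH up to /, reporting every
# component that fails. Returns 0 only if all of them pass.
check_chroot_path() {
    p=$1 owner=${2:-0} rc=0
    case $p in /*) ;; *) echo "$p: must be an absolute path"; return 2 ;; esac
    while :; do
        check_component "$p" "$owner" || rc=1
        [ "$p" = / ] && break
        p=$(dirname "$p")
    done
    return $rc
}

# Usage: sh check_chroot.sh /path/to/your/chroot
if [ "$#" -gt 0 ]; then check_chroot_path "$@"; fi
```

Run it as root against the directory named in ChrootDirectory; any line it prints names a component whose ownership or mode has to be corrected before sshd will accept the chroot.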