[horde] Restrict SSH2-VFS to an user-depended path

Jan Schneider jan at horde.org
Mon Oct 7 16:18:14 UTC 2013


Zitat von Steffen <skhorde at smail.inf.fh-bonn-rhein-sieg.de>:

> I have configured Gollum to use a ssh2 backend. With
>
> $backends['ssh2']['root'] = '/home';
> $backends['ssh2']['params']['timeout'] = 20;
>
> I can restrict the top level to /home on the server. Is there a way  
> to limit the top directory (VFS root) to the home of the user  
> currently logged in? That is either, dynamically, the directory the  
> user got right after the first login or, statically, /home/<account> ?
>
> Mostly I want to deny (easy) access to /home and some other paths  
> not only because of security, but also because the PHP SSH  
> implementation stalls when entering such directory and never gets a  
> timeout.
>
> Kind regards,
>
> -- 
> Steffen

First of all, you should be using the ['params']['vfsroot'] setting  
instead, which is kind of a chroot. ['root'] only sets the default  
start directory.
If you want to use the current user name, you can use something like:
'/home/' . $GLOBALS['registry']->getAuth()
-- 
Jan Schneider
The Horde Project
http://www.horde.org/



More information about the horde mailing list