[horde] Restrict SSH2-VFS to an user-depended path
Jan Schneider
jan at horde.org
Mon Oct 7 16:18:14 UTC 2013
Zitat von Steffen <skhorde at smail.inf.fh-bonn-rhein-sieg.de>:
> I have configured Gollum to use a ssh2 backend. With
>
> $backends['ssh2']['root'] = '/home';
> $backends['ssh2']['params']['timeout'] = 20;
>
> I can restrict the top level to /home on the server. Is there a way
> to limit the top directory (VFS root) to the home of the user
> currently logged in? That is either, dynamically, the directory the
> user got right after the first login or, statically, /home/<account> ?
>
> Mostly I want to deny (easy) access to /home and some other paths
> not only because of security, but also because the PHP SSH
> implementation stalls when entering such directory and never gets a
> timeout.
>
> Kind regards,
>
> --
> Steffen
First of all, you should be using the ['params']['vfsroot'] setting
instead, which is kind of a chroot. ['root'] only sets the default
start directory.
If you want to use the current user name, you can use something like:
'/home/' . $GLOBALS['registry']->getAuth()
--
Jan Schneider
The Horde Project
http://www.horde.org/
More information about the horde
mailing list