[horde] Restrict SSH2-VFS to a user-dependent path
Steffen
skhorde at smail.inf.fh-bonn-rhein-sieg.de
Tue Oct 8 08:22:08 UTC 2013
On Mon, 7 Oct 2013, Jan Schneider wrote:
> Quoting Steffen <skhorde at smail.inf.fh-bonn-rhein-sieg.de>:
>
>> I have configured Gollum to use a ssh2 backend. With
>>
>> $backends['ssh2']['root'] = '/home';
>> $backends['ssh2']['params']['timeout'] = 20;
>>
>> I can restrict the top level to /home on the server. Is there a way to
>> limit the top directory (VFS root) to the home of the user currently logged
>> in? That is either, dynamically, the directory the user got right after the
>> first login or, statically, /home/<account>?
>>
>> Mostly I want to deny (easy) access to /home and some other paths not only
>> because of security, but also because the PHP SSH implementation stalls
>> when entering such a directory and never gets a timeout.
>
> First of all, you should be using the ['params']['vfsroot'] setting instead,
> which is kind of a chroot. ['root'] only sets the default start directory.
> If you want to use the current user name, you can use something like:
> '/home/' . $GLOBALS['registry']->getAuth()

Ah. I have now set:

$backends['ssh2']['home'] = '/';
$backends['ssh2']['params']['vfsroot'] =
    '/home/'.$GLOBALS['registry']->getAuth();

Without the ['home'] setting, the start directory is [...]/home/<user>,
which does not exist.

Thanks,
--
Steffen
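
Added example, not part of the original thread and not Horde's own code: because the vfsroot above is built by concatenating the authenticated name into a path, this sketch validates the name first and fails closed. The helper name user_vfsroot() and the POSIX-style account pattern are assumptions; the sample names are constructed.

```php
<?php
// Added illustration, not Horde code. user_vfsroot() is a hypothetical helper.
// It builds the per-user vfsroot from the thread and refuses any name that
// could not be a single directory name directly under $base.

function user_vfsroot($user, $base = '/home')
{
    // No usable name (for example, nobody is logged in): do not fall back
    // to $base itself, which would expose every home directory.
    if (!is_string($user) || $user === '') {
        throw new InvalidArgumentException('no authenticated user');
    }
    // Assumption: accounts look like POSIX login names. Names containing
    // '/', '.', NUL or an '@domain' part are rejected, not rewritten.
    // The D modifier stops '$' from matching before a trailing newline.
    if (!preg_match('/^[a-z_][a-z0-9_-]{0,31}$/D', $user)) {
        throw new InvalidArgumentException('unsafe account name');
    }
    return rtrim($base, '/') . '/' . $user;
}

// In the backend configuration this would replace the bare concatenation:
//   $backends['ssh2']['home'] = '/';
//   $backends['ssh2']['params']['vfsroot'] =
//       user_vfsroot($GLOBALS['registry']->getAuth());

// Constructed sample names showing which ones are accepted.
$samples = array('steffen', 'web-admin', '../etc', 'a/b',
                 'user@example.org', "bob\n", '', false);
foreach ($samples as $name) {
    $label = var_export($name, true);
    try {
        printf("%-22s -> %s\n", $label, user_vfsroot($name));
    } catch (InvalidArgumentException $e) {
        printf("%-22s -> rejected (%s)\n", $label, $e->getMessage());
    }
}
```

If accounts on the server legitimately contain other characters, widen the pattern deliberately rather than dropping the check.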