Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
For bugs related to Red Hat Enterprise Linux 5 product line. The current stable release is 5.10. For Red Hat Enterprise Linux 6 and above, please visit Red Hat JIRA https://issues.redhat.com/secure/CreateIssue!default.jspa?pid=12332745 to report new issues.

Bug 440240

Summary: request to add chroot sftp capabilty into openssh-server
Product: Red Hat Enterprise Linux 5 Reporter: Marcelo Giles <mgiles>
Component: opensshAssignee: Jan F. Chadima <jchadima>
Status: CLOSED ERRATA QA Contact: Brian Brock <bbrock>
Severity: medium Docs Contact:
Priority: medium    
Version: 5.2CC: amote, casmith, cbolz, cbuckley, jchadima, jylenhof, ohudlick, pvn, rh, ricardo.arguello, sean, sghosh, sgrubb, sputhenp, stefan, tao
Target Milestone: rcKeywords: FutureFeature, Triaged
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-09-02 09:44:45 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 440043    
Bug Blocks:    

Description Marcelo Giles 2008-04-02 14:00:43 UTC 
+++ This bug was initially created as a clone of Bug #440043 +++

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9b4pre)
Gecko/2008030315 Red Hat/3.0b4pre-0.beta3.4.el5 Minefield/3.0b4pre

Description of problem:
Customer is requesting, for security reasons, that we add chroot capability to
our sshd server, more specifically for sftp.

Upstream OpenSSH software version 4.9 recently incorporated this feature.

See release notes and man pages:

http://openssh.org/txt/release-4.9
http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config 

Can we backport this feature into our current version of the openssh-server
package for RHEL?

Version-Release number of selected component (if applicable):


How reproducible:
Always


Steps to Reproduce:
1. Use of current OpenSSH RHEL software

Actual Results:
No chroot environment built in configuration options.

Expected Results:
An openssh-server capable of built in chroot configuration options.

Additional info:

-- Additional comment from tmraz on 2008-04-02 07:42 EST --
Given the state of maintenance of RHEL-4 I am not sure this is appropriate
feature for backport. It would also have to be backported to RHEL-5 first so we
wouldn't regress feature-wise.
Comment 6 LENHOF Jean-Yves 2009-02-20 12:04:27 UTC 
What is the state of this enhancement bug ?
It could be nice to have the chroot feature.
Comment 8 Jan F. Chadima 2009-04-21 10:35:51 UTC 
This feature is being implemented. If everything goes well it should appear in the RHEL 5.4 update package.
Comment 11 LENHOF Jean-Yves 2009-04-24 10:21:22 UTC 
A little precision, because there's no package version, a recent version (or backport of some parts) is necessary to be able to log informations when using this function. 

Version 5.2p1 seems necessary, some informations here :
https://bugzilla.mindrot.org/show_bug.cgi?id=1527

Regards,
Comment 12 Jan F. Chadima 2009-04-27 06:44:01 UTC 
This bug is repaired in Rawhide, not in upstream. While the fix will not be well tested, I don't want it in RHEL.
Comment 13 Jan F. Chadima 2009-04-27 07:13:37 UTC 
I've meant broken logging in last reply.
Comment 18 errata-xmlrpc 2009-09-02 09:44:45 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2009-1287.html