Bug 440240 - request to add chroot sftp capabilty into openssh-server
request to add chroot sftp capabilty into openssh-server
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: openssh (Show other bugs)
5.2
All Linux
medium Severity medium
: rc
: ---
Assigned To: Jan F. Chadima
Brian Brock
: FutureFeature, Triaged
Depends On: 440043
Blocks:
  Show dependency treegraph
 
Reported: 2008-04-02 10:00 EDT by Marcelo Giles
Modified: 2010-10-22 19:41 EDT (History)
16 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-09-02 05:44:45 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Marcelo Giles 2008-04-02 10:00:43 EDT
+++ This bug was initially created as a clone of Bug #440043 +++

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9b4pre)
Gecko/2008030315 Red Hat/3.0b4pre-0.beta3.4.el5 Minefield/3.0b4pre

Description of problem:
Customer is requesting, for security reasons, that we add chroot capability to
our sshd server, more specifically for sftp.

Upstream OpenSSH software version 4.9 recently incorporated this feature.

See release notes and man pages:

http://openssh.org/txt/release-4.9
http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config 

Can we backport this feature into our current version of the openssh-server
package for RHEL?

Version-Release number of selected component (if applicable):


How reproducible:
Always


Steps to Reproduce:
1. Use of current OpenSSH RHEL software

Actual Results:
No chroot environment built in configuration options.

Expected Results:
An openssh-server capable of built in chroot configuration options.

Additional info:

-- Additional comment from tmraz@redhat.com on 2008-04-02 07:42 EST --
Given the state of maintenance of RHEL-4 I am not sure this is appropriate
feature for backport. It would also have to be backported to RHEL-5 first so we
wouldn't regress feature-wise.
Comment 6 LENHOF Jean-Yves 2009-02-20 07:04:27 EST
What is the state of this enhancement bug ?
It could be nice to have the chroot feature.
Comment 8 Jan F. Chadima 2009-04-21 06:35:51 EDT
This feature is being implemented. If everything goes well it should appear in the RHEL 5.4 update package.
Comment 11 LENHOF Jean-Yves 2009-04-24 06:21:22 EDT
A little precision, because there's no package version, a recent version (or backport of some parts) is necessary to be able to log informations when using this function. 

Version 5.2p1 seems necessary, some informations here :
https://bugzilla.mindrot.org/show_bug.cgi?id=1527

Regards,
Comment 12 Jan F. Chadima 2009-04-27 02:44:01 EDT
This bug is repaired in Rawhide, not in upstream. While the fix will not be well tested, I don't want it in RHEL.
Comment 13 Jan F. Chadima 2009-04-27 03:13:37 EDT
I've meant broken logging in last reply.
Comment 18 errata-xmlrpc 2009-09-02 05:44:45 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2009-1287.html

Note You need to log in before you can comment on or make changes to this bug.