version 1.189, 2015/01/13 07:39:19 |
version 1.190, 2015/01/22 20:24:41 |
|
|
Specifies the pathname of a directory to |
Specifies the pathname of a directory to |
.Xr chroot 2 |
.Xr chroot 2 |
to after authentication. |
to after authentication. |
All components of the pathname must be root-owned directories that are |
At session startup |
not writable by any other user or group. |
.Xr sshd 8 |
|
checks that all components of the pathname are root-owned directories |
|
which are not writable by any other user or group. |
After the chroot, |
After the chroot, |
.Xr sshd 8 |
.Xr sshd 8 |
changes the working directory to the user's home directory. |
changes the working directory to the user's home directory. |
|
|
inside the chroot directory on some operating systems (see |
inside the chroot directory on some operating systems (see |
.Xr sftp-server 8 |
.Xr sftp-server 8 |
for details). |
for details). |
|
.Pp |
|
For safety, it is very important that the directory heirarchy be |
|
prevented from modification by other processes on the system (especially |
|
those outside the jail). |
|
Misconfiguration can lead to unsafe environments which |
|
.Xr sshd 8 |
|
cannot detect. |
.Pp |
.Pp |
The default is not to |
The default is not to |
.Xr chroot 2 . |
.Xr chroot 2 . |