Chroot in OpenSSH
bsdphx writes "OpenSSH developers Damien Miller and Markus Friedl have recently added a nifty feature to make life easier for admins. Now you can easily lock an SSH session into a chroot directory, restrict them to a built-in sftp server and apply these settings per user. And it's dead simple to do. If you need to allow semi-trusted people on your computers, then you want this bad!"
Why bother? (Score:3, Insightful)
Re:Why bother? (Score:0, Insightful)
Re:Why bother? (Score:5, Insightful)
Re:Oh thank god (Score:3, Insightful)
Re:all that for sftp? (Score:4, Insightful)
Why? No privilege separation. A MUCH bigger code base.
Not to mention fewer standalone programs.
Why not? The user security model is reliable and time tested. It does not require reinventing the "user". It does not depend on one program handling its own system of virtual permissions correctly. It does not depend on the security of a large program that users directly interact with.
I can see ample reasons sftp is safer.
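
The setup the story summary describes (a chroot, the built-in sftp server, applied per user), as an added `sshd_config` example that is not part of the original post or any comment. The user name `guest` and the path `/srv/sftp` are assumptions chosen for illustration.

```conf
# Use the in-process sftp server, so the chroot needs no shell,
# no sftp-server binary and no shared libraries inside it.
Subsystem sftp internal-sftp

# Settings below apply only to the (hypothetical) account "guest".
Match User guest
    # %u expands to the user name. Every component of this path must be
    # a root-owned directory that is not writable by group or others,
    # otherwise sshd refuses the session.
    ChrootDirectory /srv/sftp/%u

    # Ignore whatever command or shell the client requests and run
    # the built-in sftp server instead.
    ForceCommand internal-sftp

    # A file-transfer-only account has no need to relay connections.
    AllowTcpForwarding no
    X11Forwarding no
```

Because the chroot root itself cannot be writable by the user, uploads go into a subdirectory owned by that user (for example `/srv/sftp/guest/upload`, also an assumed name). Running `sshd -t` checks the file for syntax errors before the daemon is reloaded.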