chroot

This document describes how to set up a chrooted SSH/SFTP environment on Fedora 7. The chrooted users will be jailed in a specific directory where they cannot break out. They will be able to access their jail via SSH and SFTP.

This tutorial shows how to install MySecureShell on a Debian Etch system. MySecureShell is an SFTP server that is based on OpenSSH and can be configured in many ways, e.g. it has support for chrooting users into their homedirs or for limiting upload-/download bandwidths. MySecureShell makes SFTP available for users that do not have shell access so that these users do not have to use the insecure FTP protocol anymore.

This tutorial describes two ways how to give users chrooted SSH access. With this setup, you can give your users shell access without having to fear that they can see your whole system. Your users will be jailed in a specific directory which they will not be able to break out of. The users will also be able to use SFTP in their chroot jails.

When reading a hint on the website of LinuxFromScratch I discovered the special capabilities of unionfs, specially in combination with chroot. Later I read a HowTo on a wikiwebsite of Gentoo, about entering a chrooted home directory when using a special script as shell. Combining these two brings me to using a chrooted environment, which you enter when logging in as a special user. This environment is an exact copy (mirror) of the system you are working on.

Absolutely awesome how-to for creating a chrooted environment using mod_chroot. It's Gentoo specific (basically init scripts), but all distros should be able to use this. Very thorough!

This simple howto addressing what needs to be in chroot jail for fsockopen() getaddrinfo to work.

This article is about getting saslauthd working in a chroot'd postfix. Due to jail constraints in Postfix, saslauthd socket and PID needs to be available in there.. this explains how. Gentoo specific, but could be applied with any linux system.

Article on how to create a chroot environment using mod_security. Also has great tips for hardening PHP and MySQL configuration at the server level.