#1 2020-04-11 01:57:50

drcouzelis
Member
From: Connecticut, USA
Registered: 2009-11-09
Posts: 4,092
Why create a bind mount when setting up an SFTP jail?

Just a quick question... I'm setting up an SFTP server, and according to the Arch wiki I can "Optionally, bind mount the filesystem to be shared to this directory."

Can anyone please explain why this would be done? Is it insecure to skip this step?

#2 2020-04-11 07:13:21

frostschutz
Member
Registered: 2013-11-15
Posts: 1,417

Re: Why create a bind mount when setting up an SFTP jail?

It may simply be convenience. You can point any path you like to /var/lib/jail without having to change existing configurations. It could also serve to prevent unmounting of /mnt/data as it's "busy" / "in use", or provide a fallback in case /mnt/data was never mounted at all. /var/lib/jail would still exist in any case.

But there are also restrictions with using sshd's ChrootDirectory directive:

     ChrootDirectory
             Specifies the pathname of a directory to chroot(2) to after
             authentication.  At session startup sshd(8) checks that all
             components of the pathname are root-owned directories which are
             not writable by any other user or group.

So if you want to use a path like /mnt/data/share but /mnt/data belongs to some user/group instead of root, or is world-writable, it wouldn't work. A symlink wouldn't work either. It would still complain about /mnt/data not having correct permissions.

The bind mount is a trick to get around this restriction, effectively disabling the pathname component permission check.

Is it insecure to skip this step?

The other way around, it's "insecure" to do this. It's working around security instead of embracing it. Whoever owns /mnt/data has more permissions on the /mnt/data/share structure than openssh wants you to have.

However, you also have to keep in mind that ChrootDirectory is not meant (exclusively) for sftp use. It's meant for running entire interactive SSH sessions in a chroot. The security conditions are a bit stricter than necessary for a simple file transfer.

If you're using LVM / if you're able to create a dedicated partition/filesystem, you could have it mounted directly to the jail directory, and not use any of those bind mount shenanigans nor have any other weird filesystem paths in there.

If you don't mount anything in /var/lib/jail, then uploads would fill up your root filesystem, or /var if you have a dedicated /var filesystem. You have to consider what happens when you run out of space.

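The component rule quoted above from sshd_config(5) is easy to test for before sshd refuses a login with "bad ownership or modes for chroot directory component". The script below is an added example, not code from the thread or from OpenSSH: it walks every prefix of a candidate ChrootDirectory path, requires each to be a root-owned directory with no group or other write bit, and shows on constructed listings why /mnt/data/share fails when /mnt/data is user-owned or world-writable while /var/lib/jail passes. It assumes a stat that accepts -c (GNU coreutils or BusyBox) and an absolute, normalized path; the live check needs the path to exist on the machine it runs on.

```shell
#!/usr/bin/env bash
# Added example (not from the thread or from OpenSSH): reproduce sshd's
# ChrootDirectory component check in shell so a candidate path can be
# verified before sshd rejects the session at login. Assumes `stat -c`
# (GNU coreutils or BusyBox) and an absolute, normalized path.

# Reads lines "<owner uid> <octal mode> <path>" on stdin, ordered from /
# down to the chroot target. Prints the first violation and returns 1, or
# prints "ok" and returns 0.
check_listing() {
    local uid mode path
    while read -r uid mode path; do
        [ -n "$path" ] || continue
        # Every component must be owned by root (uid 0)...
        if [ "$uid" -ne 0 ]; then
            printf 'not root-owned (uid %s): %s\n' "$uid" "$path"
            return 1
        fi
        # ...and must not be writable by group or others. The leading 0 forces
        # octal, so "1777" (sticky /tmp) becomes 01777; 022 masks g+w and o+w.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            printf 'writable by group/other (mode %s): %s\n' "$mode" "$path"
            return 1
        fi
    done
    echo ok
}

# Expands an absolute path into its prefixes ("/", "/mnt", "/mnt/data", ...)
# and stats each one into the format check_listing expects. Returns 1 if a
# prefix is missing or is not a directory.
list_components() {
    local rest=${1#/} prefix=/
    while :; do
        if [ ! -d "$prefix" ]; then
            printf 'not a directory: %s\n' "$prefix" >&2
            return 1
        fi
        stat -c '%u %a %n' "$prefix" || return 1
        [ -n "$rest" ] || return 0
        case $rest in
            */*) prefix="${prefix%/}/${rest%%/*}"; rest=${rest#*/} ;;
            *)   prefix="${prefix%/}/$rest"; rest="" ;;
        esac
    done
}

# Full check of a real path: stat the components, then apply the rules.
chroot_path_ok() {
    local listing
    listing=$(list_components "$1") || return 1
    printf '%s\n' "$listing" | check_listing
}

demo() {
    # Constructed listings (not real stat output) for the cases in the thread.
    echo "share under a user-owned /mnt/data:"
    printf '0 755 /\n0 755 /mnt\n1000 755 /mnt/data\n0 755 /mnt/data/share\n' | check_listing || true
    echo "share under a world-writable /mnt/data:"
    printf '0 755 /\n0 755 /mnt\n0 777 /mnt/data\n0 755 /mnt/data/share\n' | check_listing || true
    echo "dedicated jail directory with root-owned components:"
    printf '0 755 /\n0 755 /var\n0 755 /var/lib\n0 755 /var/lib/jail\n' | check_listing || true
    # Live filesystem check for a path given on the command line, if any.
    if [ $# -gt 0 ]; then
        echo "live check of $1:"
        chroot_path_ok "$1" || true
    fi
}

# Run the demo only when executed directly, not when sourced.
if [ "${BASH_SOURCE[0]}" = "$0" ]; then
    demo "$@"
fi
```

Run it as `bash check_chroot.sh /var/lib/jail` on the server to see which component sshd would object to. The same mask explains why a jail under /tmp is rejected even though /tmp is root-owned: its 1777 mode has both write bits set. Note that the check applies to ownership and mode of the mount point as seen through the bind mount, which is exactly why the bind-mount trick works: the components under /var/lib/jail are evaluated, not the ones under /mnt/data.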