serving website from inside chroot "Permissions"

jeffpoulsen · 06-29-2004, 06:03 AM

I have recently set up my server using a chrooted sshd daemon. It works well. I use scp to upload files to the server. Now I have to serve from a directory from within the chroot so I can administer it remotely. Since I just copied the files from the old server I have had to chown most of the files in other parts of the file storage folders to allow remote storage. I have now set up a /www folder to serve webpages from and it works. But I need to change ownership of these folders as I now cannot upload files. Currently the permissions are 644 with root the owner and group. I have the following questions:

(1) Who should own these files? I do not login as root but as another user.
(2) What should the permissions be?
(3) Is this a security risk?

I am not sure about the security of the chroot if files belong to root. And if there are links to files outside of the chroot. I do not want to set up ftp for several reasons one being a limit on the number of nat'd ports on the firewalls. Thanks, all help is greatly appreciated.

unSpawn · 07-01-2004, 01:55 PM

Currently the permissions are 644 with root the owner and group. (...) (1) Who should own these files?
If it's user changable files, a lesser-privileged one. If you've got userdirs within the chroot you could chown files to them, if you're using a webserver like Apache, you've possibly got an inert Apache account, so you could chown files to that or the nobody account. Permissions should be sufficient enough for the server to serve and the users to change.

(3) Is this a security risk?
Depends on what files you mean and who needs to be able to change em.

I am not sure about the security of the chroot if files belong to root.
Executables, config files (files you don't want to be edited by non-privileged users) are usually owned by root. That's no problem. What can be a problem is allowing stuff in the chroot that is not supposed to be there. The fact the files reside within a chroot can only be counted as "mitigating circumstances" when the jail is sealed. No linking outside, no mount binds, no mounted /proc, minimal /dev/, no setuid root binaries, not allowing people to create devices or setuid root binaries.

If unsure about chrooting, check out the LQ FAQ: Security references.