Page 1 of 1

sftp denied link

PostPosted: Wed Jun 13, 2007 2:45 pm
by ralphy
I have my ACL policy setup to a degree where it's functional but yet minimal in that it all works but users aren't allowed things they shouldn't be allowed to. However, as far as sftp goes, users can connect and upload files, but renaming in sftp is broken for me. sftp reports Permission denied when trying to rename a file in a user's home directory with grsec.log showing denied links from old.file to new.file. I'm at a loss as to what I have to do to fix this. Any suggestions?

PostPosted: Sun Jun 17, 2007 12:50 am
by ralphy
Silly me! Got it :) Keep up the good work guys!

PostPosted: Sat Aug 25, 2007 12:09 pm
by brant
As this forum is the main means of support for grsecurity, could you please provide an example of the solution? This will help others with the same problem. ;)

PostPosted: Wed Aug 29, 2007 6:45 pm
by ralphy
I think this is proper. Maybe spender or somebody could comment if it's wrong or if it's okay?

Code: Select all
subject /usr/lib/misc/sftp-server
        /etc/passwd             r
        /etc/group              r
        /dev/log                rw
        /home                   rx
        /home/*                 rwcdl

PostPosted: Thu Sep 20, 2007 6:00 pm
by spender
I'm not sure "x" is needed on /home, but it's harmless in this case.

-Brad