Per the manual on http://dovetail.com/docs/sftp/config.ht ... ver_rc_all under the 'Sample user sftp-server.rc' file it says:
Code: Select all
"The SFTP_ZOS_INITIAL_DIR environment variable can be used to override the home directory on the server. By default this is the user's USS home directory. If the string // or /-/ is supplied, the user's MVS top level qualifier is used. Otherwise an absolute path (USS or MVS dataset space) may be supplied."
Based on this we assumed that by setting SFTP_ZOS_INITIAL_DIR it would change both the initial directory and the home directory and thus effect the behavior of the exit. However, when we look at the session logs, we see CZCHKCMD is denying that new home directory.
Is this working as designed? We need the ability to have all the users kept in their home directory with the exception of a few as previously mentioned.
Code: Select all
[46.653] debug3: initial zos directory requested: /HR/ [46.653] debug1: request 256: sent names count 1 [48.959] debug3: Type: SSH2_FXP_REALPATH [48.959] debug3: request 256: realpath [48.959] realpath "/HR/." ZosUtil[F]: -> zos_opendir(XXXXXXX, "/HR") ZosExitInterface[T]: -> checkCommandWithFileArg(LIST /HR) ZosExitInterface[D]: -> checkSetFiletype(SEQ) ZosExitInterface[D]: <- checkSetFiletype(true (no change)) CZCHKCMD[T]: -> CZCHKCMD (HOMEBOX) (userid=USER12 , cmd=LIST , in_args=/HR) CZCHKCMD[F]: dir_type=HFS , dir=/u/user12, file_type=SEQ CZCHKCMD[T]: home_dir: /u/user12/ CZCHKCMD[T]: dest_dir: /HR CZCHKCMD[D]: '/HR' not in home directory, denying CZCHKCMD[T]: <- CZCHKCMD (HOMEBOX) (1)
Alternatively, has anyone successfully been able to create a chroot jail with Co:Z SFTP server functions enabled? I've only been able to successfully setup ChrootDirectory while using internal-sftp method. A guide added to the manual on how to do this with Co:Z SFTP server would be nice - including what files should be placed within the new root directory for all Co:Z functions to work for an SFTP session.