# chrooted sftp and pam_mkhomedir, how to set root as owner?



## olav (Feb 2, 2011)

I've configured a chrooted sftp service through ldap. If the user doesn't have a home folder it will automatically create it with the pam_mkhomedir module.

But there is a problem: a chrooted sftp will not chroot a folder not owned by root, for security reasons. Is it possible to work around this somehow? I can't find any information about overriding the owner of the folder created by pam_mkhomedir. Is it possible?


----------



## gordon@ (Feb 6, 2011)

Hack the pam_mkhomedir source file. Look for the following line:

```
copymkdir(pwd->pw_dir, skeldir, getmode(set, S_IRWXU | S_IRWXG | S_IRWXO), pwd->pw_uid,pwd->pw_gid);
```

And replace it with:


```
copymkdir(pwd->pw_dir, skeldir, getmode(set, S_IRWXU | S_IRWXG | S_IRWXO), 0, 0);
```

Recompile and install.

It's totally untested, but should work.

Remember though, this will prevent the user from being able to upload anything since the newly created directory gives them absolutely no permissions. It's probably not very helpful.


----------
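
The rule behind the question is documented in sshd_config(5): every component of the ChrootDirectory path must be a root-owned directory that is not writable by group or others. The checker below is an added example, not part of this thread, pam_mkhomedir or OpenSSH (the names `component_ok` and `chroot_path_ok` are hypothetical); it shows that setting the owner to 0:0 is not sufficient if the mode the module applies leaves the directory group- or world-writable.

```c
#define _XOPEN_SOURCE 700   /* stat(), S_ISDIR, PATH_MAX */
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Per-component rule from sshd_config(5), ChrootDirectory:
 * a directory, owned by root, not writable by group or others. */
int component_ok(uid_t owner, mode_t mode)
{
    return S_ISDIR(mode) && owner == 0 && (mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Check every prefix of an absolute path ("/", "/home", "/home/alice").
 * Returns 0 if all pass, otherwise -1 with the failing prefix in bad. */
int chroot_path_ok(const char *path, char *bad, size_t badlen)
{
    char buf[PATH_MAX];
    struct stat st;
    size_t len = strlen(path);

    if (path[0] != '/' || len >= sizeof(buf)) {
        snprintf(bad, badlen, "%s", path);
        return -1;
    }
    for (size_t i = 0; i <= len; i++) {
        if (path[i] != '/' && path[i] != '\0')
            continue;
        size_t n = i ? i : 1;           /* i == 0 is the root directory */
        memcpy(buf, path, n);
        buf[n] = '\0';
        if (stat(buf, &st) != 0 || !component_ok(st.st_uid, st.st_mode)) {
            snprintf(bad, badlen, "%s", buf);
            return -1;
        }
    }
    return 0;
}

int main(int argc, char **argv)
{
    char bad[PATH_MAX];
    if (argc != 2) {
        fprintf(stderr, "usage: %s /absolute/chroot/path\n", argv[0]);
        return 2;
    }
    if (chroot_path_ok(argv[1], bad, sizeof(bad)) != 0) {
        printf("sshd would refuse this chroot, check: %s\n", bad);
        return 1;
    }
    printf("%s satisfies the ownership and mode rule\n", argv[1]);
    return 0;
}
```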



## olav (Feb 6, 2011)

Thank you for your fantastic suggestion! 

I'm still a newb when it comes to advanced modifications, so I wonder where I can find the source code for that port?

I know that the user will have problems doing things in that home folder. But I can still set read permissions, which is exactly what I want.


----------



## olav (Feb 7, 2011)

I figured it out.

With the command `make extract` it will create a directory named work with the source code.

I applied your changes and recompiled & reinstalled the module.
And it worked just perfectly.

Now I'm gonna hack it more! Because I want more features.


----------

