I use Golang as SFTP server for my application and I would like to isolate my clients with a different root directory.
This application allows multiple client connection but I would like to serve custom root directory for each clients (for better isolation).
In golang I tried to fork the process but it does not seem to be possible: Fork a go process
I have tried syscall.Chroot into a goroutine but the all binary is being chrooted... In the meantime, this prevent other clients from using the service as the binary is chrooted by the current user.
If you have a possible solution for my problem, I would be very happy to read you.
func main() {
if listener, err := net.Listen("tcp", fmt.Sprintf("0.0.0.0:%d", sshServer.Port)); err == nil {
for {
if nConn, err := listener.Accept(); err == nil {
// ...
if sshConn, chans, reqs, err := ssh.NewServerConn(nConn, &sshServer.Config); err == nil {
// ...
// Accept all channels
go handleChannels(chans)
}
}
}
}
}
...
func handleChannels(chans <-chan ssh.NewChannel) {
// Service the incoming Channel channel.
for newChannel := range chans {
// ...
if err := syscall.Chroot(chrootPath); err != nil {
panic(err)
}
if err := os.Chdir("/"); err != nil {
panic(err)
}
channel, requests, errChannel := newChannel.Accept()
if err := server.Serve(); err == io.EOF {
server.Close()
}
}
}
Libs used:
- golang.org/x/crypto/ssh
- github.com/pkg/sftp
