Defined Type: ssh::chrootgroup

Defined in:
manifests/chrootgroup.pp

Overview

Sets up a chroot for a given group

Parameters:

  • group (String[1]) (defaults to: $title)

    The group used to set up a chroot environment.

  • tcp_forwarding (Boolean) (defaults to: false)

    Whether TCP forwarding is permitted.



# File 'manifests/chrootgroup.pp', line 6

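define ssh::chrootgroup (
  String[1] $group          = $title,
  Boolean   $tcp_forwarding = false,
) {
  # Sets up an SSH chroot for one group: creates /var/chroot/<group> with a
  # group-writable drop/ directory inside it, and appends a per-group fragment
  # rendered from ssh/chroot_group.epp to the managed sshd_config.

  # $group is only typed String[1], yet it is interpolated into filesystem
  # paths below and passed to the sshd_config template. Reject values that
  # would escape /var/chroot ('.', '..', anything containing '/') or that
  # could break out of a single configuration line (control characters such
  # as a newline). The value is deliberately not echoed in the error message.
  # NOTE(review): whitespace and commas are not rejected here because the
  # template's quoting of the group name is not visible -- confirm against
  # ssh/chroot_group.epp and tighten if the name is emitted unquoted.
  if $group in ['.', '..'] or $group =~ /[\/[:cntrl:]]/ {
    fail("ssh::chrootgroup: group name must not be '.' or '..' and must not contain '/' or control characters")
  }

  include ssh::params
  include ssh::chroot

  file {
    # Root of the chroot: owned by root:0 and writable by root only.
    # sshd refuses a ChrootDirectory whose path components are not root-owned
    # or are writable by group/other; presumably this is the directory the
    # template uses as ChrootDirectory -- confirm against the template.
    "/var/chroot/${group}":
      ensure => directory,
      owner  => 'root',
      group  => '0',
      mode   => '0755',
      ;
    # The only location under the chroot that group members can write to.
    # Mode 0775 has no sticky bit, so any member of the group can rename or
    # delete files placed here by another member.
    "/var/chroot/${group}/drop":
      ensure => directory,
      owner  => 'root',
      group  => $group,
      mode   => '0775',
      ;
  }

  # Match directives MUST come last -- they match up until the next Match.
  # Order '99' places this fragment late in the concatenated sshd_config.
  concat::fragment { "ssh::params::sshd_config chroot ${group}":
    order   => '99',
    target  => 'ssh::params::sshd_config',
    content => ssh::fix_eol(
      epp('ssh/chroot_group.epp',
        {
          group          => $group,
          tcp_forwarding => $tcp_forwarding,
          # The forced command is the sftp subsystem value from ssh::params;
          # presumably the template emits it as ForceCommand so members get
          # SFTP rather than a shell -- confirm against the template.
          force_command  => $ssh::params::sftp_subsystem,
        }
      )
    ),
  }
}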