- 01-19-2010 #1 Linux Newbie
- Join Date
- Apr 2004
- Posts
- 173
chroot and tunnelling issue
First off, forgive me for not having all the required details, but I am trying to get a head start on diagnosing a problem.
The server I am working with is running CentOS 5.x. MySQL and FTP access is tunnelled through SSH using OpenSSH. Users are chrooted to their home directory as follows:
User: tristan
Home: /web/tristan/
Now, up to this point everything works fine (FTP access) except for MySQL tunnelling. The application I use for MySQL administration is Navicat. It allows me to access the remote SQL server as though it's local using an SSH tunnel. The problem is that I am unable to create a connection to the SQL server through tunnelling unless chroot is removed for the user. Once chroot is removed, I am able to connect to the SQL server just fine via tunnelling. However, when using SFTP, the user's "home" directory is now the root of the drive (which is what we don't want).
I wish I could give you more information about the configuration. Another user set this server up and unfortunately I will not be able to access the machine until a few days from now so my information is limited. However, any ideas as to what could be causing this issue would be greatly appreciated.
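One check to run once the machine is reachable, shown as an added example that is not part of the thread: it reports which chroot and forwarding directives from `sshd_config` apply to a given user and whether a local tunnel to a destination would be permitted. It assumes the chroot is set up with OpenSSH's `ChrootDirectory` inside a `Match User` block (the thread does not say how it was done); the sample configuration and the function names are constructed for illustration.

```python
import fnmatch

# Directives that decide whether a chrooted account can still open a tunnel.
KEYS = ("chrootdirectory", "forcecommand", "allowtcpforwarding", "permitopen")

# Constructed sample, not the real sshd_config of the server in the thread.
SAMPLE_CONFIG = """\
Subsystem sftp internal-sftp
AllowTcpForwarding yes

Match User tristan,web*
    ChrootDirectory /web/%u
    ForceCommand internal-sftp
    AllowTcpForwarding no
"""

def effective_settings(config_text, user):
    """Return the values of KEYS that apply to `user`.

    Simplification: only `Match User <patterns>` blocks are evaluated (no
    negated patterns); blocks using Group, Host or Address are skipped.
    """
    global_opts, match_opts = {}, {}
    target = global_opts              # lines before the first Match are global
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            crit = value.split()
            applies = (len(crit) == 2 and crit[0].lower() == "user" and
                       any(fnmatch.fnmatchcase(user, p) for p in crit[1].split(",")))
            target = match_opts if applies else None
        elif target is not None and key in KEYS:
            target.setdefault(key, value)     # sshd keeps the first value it reads
    return {**global_opts, **match_opts}      # a matching block overrides globals

def local_forward_allowed(settings, dest):
    """True if a client-side tunnel to `dest` (exact host:port) is permitted."""
    if settings.get("allowtcpforwarding", "yes").lower() not in ("yes", "all", "local"):
        return False
    permit = settings.get("permitopen", "any").split()
    return permit == ["any"] or dest in permit
```

With the sample above, `tristan` stays chrooted but has forwarding disabled; changing the block to `AllowTcpForwarding yes` with `PermitOpen localhost:3306` keeps the chroot while allowing only the MySQL tunnel.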
- 01-20-2010 #2 Linux Guru
- Join Date
- Apr 2009
- Location
- I can be found either 40 miles west of Chicago, or in a galaxy far, far away.
- Posts
- 8,974
Well, since users are chroot'd to their home directory, they cannot access anything that is not in that directory tree, so basically you are SOL regarding running any applications or accessing any files that aren't in a path that sees the user home directory as /.
Sometimes, real fast is almost as good as real time.
Just remember, Semper Gumbi - always be flexible!
- 01-20-2010 #3 Linux Newbie
- Join Date
- Apr 2004
- Posts
- 173
I figured MySQL running as a service though should be accessible whether you are chrooted to / or /home/user/web/whatever/
On my server, I grant remote SQL access to the user so I don't have the chroot issue since I don't tunnel through SSH to access the SQL server. Since we don't allow remote access in this case, tunneling is currently our option.
- 01-20-2010 #4 Linux Guru
- Join Date
- Apr 2009
- Location
- I can be found either 40 miles west of Chicago, or in a galaxy far, far away.
- Posts
- 8,974
There are a number of files that MySQL clients require that are in the normal system root path, possibly including the database files themselves. If they cannot be accessed, then you are not going to get a connection. There are probably ways around that, such as hard links in the user directories, but I would need to experiment some to say what specifically you would need to do.
Sometimes, real fast is almost as good as real time.
Just remember, Semper Gumbi - always be flexible!


