[scponly] Re: scponly comments

joe joe at sublimation.org
Thu Sep 19 13:41:25 EDT 2002 

jeff, thanks for the info and comments. see inline comments.

joe

>
> Joe-
>
> I have been playing with your scponly software. It looks like the new
> 3.1 of scponlyc (chrooted) somehow horks up scp's to a subdirectory of
> the users home.
>

horks?


> If the user's home is writeable, he can copy files to and from home.
> If the users home is not writable, but there is a directory called
> incoming that is writeable, the user cannot write to that directory.

i'm not clear on this, there is no automated installer for the case where
you use a user owned home directory.  you have to set that up manuallt.
am i understanding you correctly?

>
> It worked in the 2.4 version -- I don't know what's wrong.
>
> I also was earlier having some trouble with scp failing with an error
> like "user 60000 unknown". I fixed that by adding libnss_files* and
> libpam* to the lib directory in the chrooted home. This was with
> OpenSSH 3.1 on Redhat 7.2

ahh, very interesting.  i will include this in the scponly INSTALL notes.
>
> Lastly,
>
> when setup_chroot.sh is created, it's incorrect in several places.
>
> You have tests that look like:
>
> if [ xscponlyc = x ]
>
> instead of what you meant:
>
> if [ x$scponlyc = x ]

actually, no.  i am checking to see if the configure script was invoked
with --enable-chrooted-binary

try configuring without the chrooted binary and then examine the
setup_chroot.sh script.  it will make sense why the check works that way.

>
> So it looks like you need to quote the dollar sign when creating the shell script.
>
> BTW -- there is an easier way to see if a shell variable is null -- you can use -n and -z like this:
>
> xx=yy
>
> [ -z "$xx" ] && echo "xx is null"
>
> unset xx
>
> [ -n "$xx" ] && echo "xx is not null"
>
> You might find that it's easier to simply write a cross platform compatible shell script than trying to build it from your configure script.
>
> Oh one more thing FWIW -- that black background, combined with the multicolor text, makes the site really hard to read. I finally had to just override the site colors in Netscape to something easier on the eyes.
>
> Thanks,
>
> Jeff
>
> PS -- I think that you have the start of a very good thing there with scponly.
>
>
>
>
>
> ---------------------------------
> Do you Yahoo!?
> New DSL Internet Access from SBC & Yahoo!

More information about the scponly mailing list