[scponly] Install for many accounts

Sven Hoexter sven at timegate.de
Sun Aug 24 18:03:15 EDT 2003


On Sun, Aug 24, 2003 at 10:26:52AM -0400, Matthew Moffitt wrote:

Hi Matthew,
have you ever heard about line wrapping?
It would be great if you broke your lines at about 70 signs.

> One glitch I'm running into is in setting up the chroot option.  Walking through the instructions and looking through the setup_chroot.sh script I see how we set this up for a particular user with the binaries in their chroot'd directory.
Which flavour of Unix do you use? setup_chroot.sh is heavily
optimised for FreeBSD and other *BSD.
 
> However I'd like to have a single installation of the binaries but allow all users to have the scponly shell.  That would avoid having usr, bin, etc, and other folders tacked into their home directories.
>
> I tried modifying the setup in config.h to build these so it would look for a '.scponly/usr' and other folders instead of the default which I thought I could then symlink for each person but this won't work, it can't follow the symlink out of the jail.  Even if I copied this over to each person's home, making it look a little cleaner from their perspective, I still have the problem with programs like sftp-server having a hard coded path to find ld-elf.so.1 in /usr/libexec.
Well, what you can do is set up one big chroot with scponlyc + needed
binaries and the users' $HOME. Then you have to restrict the access to
the homedirs through the normal Unix rights system.
 
> Is there another approach that would facilitate creating an install for several hundred accounts still using a jail but not having the binaries copied over for each person?  I would think there must be a clean way to do this but I don't see it.
The problem with ssh/sftp/scponly is that there is no built-in ls
support and other things. So scponly always needs access to the
fileutils and linked libs.

Sven
-- 
http://www.comboguano.de
http://sven.linux-ist-pleite.de
I'm root, if you see me laughing you better have a backup!
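
The shared-chroot layout suggested in the reply above depends on every home directory inside the jail being closed to group and other, because all accounts see the same tree. The following check is an added example, not part of the original message or of scponly; the function name and the <jail>/home/<user> layout are assumptions.

```shell
#!/bin/sh
# Added example: audit a shared scponly chroot for home directories that
# other jailed users could read, list or write.
# Assumption: homes live at <jail>/home/<user>.

# Print "<group+other bits> <path>" for every entry under <jail>/home that
# grants anything to group or other. Returns 0 when all homes are closed,
# 1 when at least one is open.
audit_shared_chroot_homes() {
    jail=$1
    bad=0
    for home in "$jail"/home/*; do
        # -d follows symlinks, so a symlinked home is inspected as well.
        [ -d "$home" ] || continue
        # ls -ld prints e.g. "drwx------"; characters 5-10 are the group
        # and other permission bits. A symlink shows "rwxrwx" here and is
        # therefore reported too.
        perms=$(ls -ld "$home" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            printf '%s %s\n' "$perms" "$home"
            bad=1
        fi
    done
    return $bad
}

# Stand-alone use: sh audit.sh /path/to/jail
if [ "$#" -gt 0 ]; then
    audit_shared_chroot_homes "$1"
fi
```

Each reported directory can be closed with chmod 700 once its ownership has been confirmed.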

