[scponly] having troubles with scponlyc

wbr oblyr joe at sublimation.org
Thu Jun 5 12:12:48 EDT 2003 

hm, this doesnt look right.  couple questions:

did you run the setup_chroot.sh script to set up your chroot dir?  its ok
if you didnt, as long as you did all the steps contained therein.

i dont see a lib dir in there, are all your binaries staticly linked?

also, something else to note: when you run your ./configure script, it
detects the full pathname of all the binaries it will be placing in the
chroot'ed dir.  lets say there is a binary /usr/bin/scp - that full
pathname is compiled into your scponly(c) binary.  then, when you get a
request for "scp", scponly invokes "/usr/bin/scp" (which is actually
"/chooted/dir/usr/bin/scp").

this explicit pathname definition is so that scponly doesnt have to search
a $PATH for the location of your binaries - which is problematic for a
number of security reasons.  so, long story short: your chroot binaries
must be in the same relative path that they are in your nonchrooted
filesystem.  if your scp is in /usr/bin/scp, then your chrooted scp cannot
be /chrooted/dir/bin/scp... hope that wasnt too confusing.  i think this
MAY relate to your issue, as it looks like your chroot dir was built by
hand.

joe

----

PGP KEY: http://www.sublimation.org/contact.html
PGP Key fingerprint = EC4B 0DA5 B4F6 BDDD 9176 55D6 3A6A 7D63 158F 22D2


On Thu, 5 Jun 2003, Jeff MacDonald wrote:

> This should be it, and there might be a few extra files from my
> experimenting..
>
> drwxrwxr-x   3 rapmweb  rapmweb   512 Jun  4 10:42 bin
> drwxr-xr-x   2 jeff     rapmweb   512 Jun  4 10:30 etc
> drwxr-xr-x   3 root     rapmweb   512 May 27 11:12 usr
>
> ./bin:
> -r-xr-xr-x  1 root     rapmweb   63984 May 27 11:09 chmod
> -r-xr-xr-x  1 root     rapmweb   44876 May 27 11:08 echo
> -r-xr-xr-x  1 jeff     rapmweb    7068 Jun  4 10:20 groups
> -r-xr-xr-x  1 root     rapmweb  297256 May 27 11:08 ls
> -r-xr-xr-x  1 root     rapmweb   51548 May 27 11:08 mkdir
> -r-xr-xr-x  1 root     rapmweb   58064 Jun  4 10:19 pwd
> -r-xr-xr-x  1 root     rapmweb   47484 May 27 11:09 rmdir
> -rwxr-xr-x  1 jeff     rapmweb   26336 Jun  4 10:42 scp
>
> ./etc:
> -rw-r--r--  1 jeff  rapmweb   723 Jun  4 10:24 group
> -rw-r--r--  1 jeff  rapmweb  3707 Jun  4 10:30 passwd
>
> ./usr:
> drwxr-xr-x  2 root  rapmweb  512 May 27 11:12 bin
>
> ./usr/bin:
> -r-xr-xr-x  1 root  rapmweb  7068 May 27 11:11 groups
>
> Thanks.
>
> >> -----Original Message-----
> >> From: wbr oblyr [mailto:joe at sublimation.org]
> >> Sent: Wednesday, June 04, 2003 7:12 PM
> >> To: Jeff MacDonald
> >> Cc: scponly at lists.ccs.neu.edu
> >> Subject: Re: [scponly] having troubles with scponlyc
> >>
> >>
> >>
> >> could you do a 'ls -lR' in your chroot dir?  i dont need to
> >> see what you
> >> might be sharing in your chroot, just the system files so if
> >> you edit the
> >> results of that command, please leave in all the files relevant to
> >> scponly (with perms and other metadata.)
> >>
> >> thanks
> >> joe
> >>
> >> ----
> >>
> >> PGP KEY: http://www.sublimation.org/contact.html
> >> PGP Key fingerprint = EC4B 0DA5 B4F6 BDDD 9176 55D6 3A6A
> >> 7D63 158F 22D2
> >>
> >>
> >> On Wed, 4 Jun 2003, Jeff MacDonald wrote:
> >>
> >> > Hi,
> >> >
> >> > I have scponlyc setup on freebsd 4.8, the client is running winscp2
> >> > on winxp.
> >> >
> >> > The user can login, only getting the groups error, and can
> >> travel around
> >> > their chrooted environment just fine, however when I try
> >> to copy a file
> >> > either from the server or to the server, I have troubles.
> >> >
> >> > Copying from server to windows machine =
> >> >   I get a popup saying "Cannot copy file: Cannot read from
> >> the source
> >> > file
> >> >   or disk. The popup is "behind" winscp, so I have to use
> >> alt tab to get
> >> > to it.
> >> >
> >> >   /var/log/messages [xxxx = our hostname, blanked out.]
> >> 404.html just
> >> > happened to be
> >> >   the file I was trying to copy.
> >> >   Jun  4 14:37:58 xxxx [38026]: failed: /usr/bin/scp -r -p -d -f
> >> > 404.html with error No such file or directory(2)
> >> >
> >> > Copying from windows machine to client =
> >> >   Just seems to take for ever.. when I click cancel it
> >> doesn't cancel.
> >> >   So I clicked on the X in the corner, and got this message
> >> >   "Host hasn't answered for 15 seconds.
> >> >    Wait for another 15 seconds ? Pressing Aport yada yada..
> >> >    Warning Aboring this operation will close connection"
> >> >
> >> >    /var/log/messages [/ = the location I was trying to copy to]
> >> >    Jun  4 14:40:11 xxxx [38063]: failed: /usr/bin/scp -r
> >> -d -t / with
> >> > error No such file or directory(2)
> >> >
> >> >
> >> > Any hints ? I think I got all the details I could.
> >> >
> >> > Thanks.
> >> >
> >> > Jeff.
> >> >
> >> >
> >> >
> >> >
> >> > _______________________________________________
> >> > scponly mailing list
> >> > scponly at lists.ccs.neu.edu
> >> > https://lists.ccs.neu.edu/bin/listinfo/scponly
> >> >
> >>
> >>
>

More information about the scponly mailing list