[scponly] having troubles with scponlyc

wbr oblyr joe at sublimation.org
Thu Jun 5 12:40:33 EDT 2003


ok, i think i see what is happening.

your user's home directory is /usr/home/aim - this dir is owned by root.

when you scp to that directory, i THINK the permissions of the directory
are disallowing you from creating files in that directory.  now, this is a
good thing.  with scponly you do NOT want users to be able to write files
into their home dir, because then they can move files into .ssh which
changes the behaviour of the ssh server in relation to scponly.  users CAN
circumvent scponly if they can write to their home dir.

so two things: try scp'ing into the "incoming" directory.  it is there for
the reason enumerated above.  (the incoming dir is the only dir in the
user's home dir they should have permissions to write to.)

if that works, try enabling chroot again.

(and if that works too, you can set the user's home dir to
/usr/home/aim//incoming - which means "chroot to /usr/home/aim then cd to
incoming".  this feature is only useful for stateful scp clients like
winscp.)

good luck,
joe

----

PGP KEY: http://www.sublimation.org/contact.html
PGP Key fingerprint = EC4B 0DA5 B4F6 BDDD 9176 55D6 3A6A 7D63 158F 22D2
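
Added example, not part of the original message or of the scponly project: a shell function that audits a home directory against the rule described above, that nothing outside incoming/ is owned by the user or group/world-writable. The function names, finding labels and the numeric-UID argument are assumptions of this example; it tries GNU stat syntax first and falls back to BSD stat.

```shell
#!/bin/sh
# Added example: list every path in an scponly home, outside incoming/,
# that the restricted user could write to (and so use to plant .ssh files).

# Print "<uid> <octal mode>" for a path: GNU stat syntax first, BSD second.
owner_mode() {
    stat -c '%u %a' "$1" 2>/dev/null || stat -f '%u %Lp' "$1"
}

# scponly_findings HOME UID
# Prints one line per offending path; prints nothing when the layout is clean.
scponly_findings() {
    home=${1%/}          # tolerate a trailing slash
    uid=$2               # numeric uid of the restricted user
    # Walk the home dir, skipping incoming/ (the one intended upload area)
    # and symlinks (their own mode bits are meaningless).
    find "$home" -path "$home/incoming" -prune -o ! -type l -print |
    while IFS= read -r p; do
        om=$(owner_mode "$p") || continue
        owner=${om% *}
        mode=${om#* }
        if [ "$owner" = "$uid" ]; then
            # The owner can always chmod and then write.
            echo "OWNED-BY-USER $p"
        elif [ $((0$mode & 022)) -ne 0 ]; then
            # Conservative: group- or world-writable counts as writable.
            echo "GROUP-OR-WORLD-WRITABLE $p"
        fi
    done
}

# Usage (hypothetical account name from the thread):
#   scponly_findings /usr/home/aim "$(id -u aim)"
```

Any output line is a path to fix, typically with chown root and chmod 755, before relying on scponly or scponlyc to confine that account.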


On Thu, 5 Jun 2003, Feargal Reilly wrote:

> On Wed, 4 Jun 2003 16:12:10 -0700 (PDT)
> wbr oblyr <joe at sublimation.org> wrote:
>
> >
> > could you do a 'ls -lR' in your chroot dir?  i don't need to see what you
> > might be sharing in your chroot, just the system files so if you edit the
> > results of that command, please leave in all the files relevant to
> > scponly (with perms and other metadata.)
>
> As I mentioned, it's happening regardless of whether scponly or scponlyc is being used.
> Here's the directory for the initial user I tried to use scponlyc with:
>
> feargal at jupiter:/usr/home/aim
> ttyp0> ls -lR
> total 10
> drwxr-xr-x  2 root  wheel  512 Jun  4 10:26 bin
> drwxr-xr-x  2 root  wheel  512 Jun  4 10:27 etc
> drwxr-xr-x  2 aim   wheel  512 Jun  4 10:27 incoming
> drwxr-xr-x  2 root  wheel  512 Jun  4 10:26 lib
> drwxr-xr-x  7 root  wheel  512 Jun  4 10:26 usr
>
> ./bin:
>
> ./etc:
> total 40
> -rw-r--r--  1 root  wheel  40960 Jun  4 10:27 pwd.db
>
> ./incoming:
>
> ./lib:
>
> ./usr:
> total 10
> drwxr-xr-x  2 root  wheel  512 Jun  4 10:26 bin
> drwxr-xr-x  2 root  wheel  512 Jun  4 10:27 lib
> drwxr-xr-x  3 root  wheel  512 Jun  4 10:27 libexec
> drwxr-xr-x  4 root  wheel  512 Jun  4 10:26 local
> drwxr-xr-x  2 root  wheel  512 Jun  4 10:26 sbin
>
> ./usr/bin:
>
> ./usr/lib:
> total 1856
> -rwxr-xr-x  1 root  wheel   578176 Jun  4 10:27 libc.so.4
> -rwxr-xr-x  1 root  wheel  1021460 Jun  4 10:27 libcrypto.so.3
> -rwxr-xr-x  1 root  wheel   191636 Jun  4 10:27 libssh.so.2
> -rwxr-xr-x  1 root  wheel    52108 Jun  4 10:27 libz.so.2
>
> ./usr/libexec:
> total 170
> -rwxr-xr-x  1 root  wheel  81932 Jun  4 10:27 ld-elf.so.1
> -rwxr-xr-x  1 root  wheel  69632 Jun  4 10:27 ld.so
> drwxr-xr-x  2 root  wheel    512 Jun  4 10:26 openssh
> -rwxr-xr-x  1 root  wheel  17680 Jun  4 10:26 sftp-server
>
> ./usr/libexec/openssh:
>
> ./usr/local:
> total 4
> drwxr-xr-x  2 root  wheel  512 Jun  4 10:26 bin
> drwxr-xr-x  2 root  wheel  512 Jun  4 10:26 lib
>
> ./usr/local/bin:
>
> ./usr/local/lib:
>
> ./usr/sbin:
> feargal at jupiter:/usr/home/aim
> ttyp0>
>
> And here's the homedir of the test user using scponly
> ttyp0> ls -la ~test
> total 4
> drwxr-xr-x  2 test  wheel  512 Jun  5 19:29 .
> drwxr-xr-x  8 root  wheel  512 Jun  4 10:32 ..
>
> Thanks,
> -Feargal.
>
> > thanks
> > joe
> >
> > ----
> >
> > PGP KEY: http://www.sublimation.org/contact.html
> > PGP Key fingerprint = EC4B 0DA5 B4F6 BDDD 9176 55D6 3A6A 7D63 158F 22D2
> >
> >
> > On Wed, 4 Jun 2003, Jeff MacDonald wrote:
> >
> > > Hi,
> > >
> > > I have scponlyc setup on freebsd 4.8, the client is running winscp2
> > > on winxp.
> > >
> > > The user can login, only getting the groups error, and can travel around
> > > their chrooted environment just fine, however when I try to copy a file
> > > either from the server or to the server, I have troubles.
> > >
> > > Copying from server to windows machine =
> > >   I get a popup saying "Cannot copy file: Cannot read from the source file
> > >   or disk." The popup is "behind" winscp, so I have to use alt tab to get to it.
> > >
> > >   /var/log/messages [xxxx = our hostname, blanked out.] 404.html just happened to be
> > >   the file I was trying to copy.
> > >   Jun  4 14:37:58 xxxx [38026]: failed: /usr/bin/scp -r -p -d -f 404.html with error No such file or directory(2)
> > >
> > > Copying from windows machine to client =
> > >   Just seems to take forever.. when I click cancel it doesn't cancel.
> > >   So I clicked on the X in the corner, and got this message
> > >   "Host hasn't answered for 15 seconds.
> > >    Wait for another 15 seconds ? Pressing Abort yada yada..
> > >    Warning Aborting this operation will close connection"
> > >
> > >    /var/log/messages [/ = the location I was trying to copy to]
> > >    Jun  4 14:40:11 xxxx [38063]: failed: /usr/bin/scp -r -d -t / with error No such file or directory(2)
> > >
> > >
> > > Any hints ? I think I got all the details I could.
> > >
> > > Thanks.
> > >
> > > Jeff.
> > >
> > >
> > >
> > >
> > > _______________________________________________
> > > scponly mailing list
> > > scponly at lists.ccs.neu.edu
> > > https://lists.ccs.neu.edu/bin/listinfo/scponly
> > >