[scponly] having troubles with scponlyc
Jeff MacDonald
jeff at interchange.ca
Thu Jun 5 15:47:22 EDT 2003
Long story, but one of the other admins got it working.
The make jail script is a bit mis-named. We intentionally
avoided it, 'cause we did not want to set up a jail.
But after looking at its source we found that it just
copied some files, and didn't actually make a fbsd jail.
So we just used the script and it works now.
Sorry for the waste of bandwidth.
>> -----Original Message-----
>> From: wbr oblyr [mailto:joe at sublimation.org]
>> Sent: Thursday, June 05, 2003 2:13 PM
>> To: Jeff MacDonald
>> Cc: scponly at lists.ccs.neu.edu
>> Subject: RE: [scponly] having troubles with scponlyc
>>
>>
>>
>> hm, this doesn't look right. couple questions:
>>
>> did you run the setup_chroot.sh script to set up your chroot dir? it's ok if you didn't, as long as you did all the steps contained therein.
>>
>> i don't see a lib dir in there, are all your binaries statically linked?
>>
>> also, something else to note: when you run your ./configure script, it detects the full pathname of all the binaries it will be placing in the chroot'ed dir. let's say there is a binary /usr/bin/scp - that full pathname is compiled into your scponly(c) binary. then, when you get a request for "scp", scponly invokes "/usr/bin/scp" (which is actually "/chrooted/dir/usr/bin/scp").
>>
>> this explicit pathname definition is so that scponly doesn't have to search a $PATH for the location of your binaries - which is problematic for a number of security reasons. so, long story short: your chroot binaries must be in the same relative path that they are in your nonchrooted filesystem. if your scp is in /usr/bin/scp, then your chrooted scp cannot be /chrooted/dir/bin/scp... hope that wasn't too confusing. i think this MAY relate to your issue, as it looks like your chroot dir was built by hand.
>>
>> joe
>>
>> ----
>>
>> PGP KEY: http://www.sublimation.org/contact.html
>> PGP Key fingerprint = EC4B 0DA5 B4F6 BDDD 9176 55D6 3A6A 7D63 158F 22D2
>>
>>
>> On Thu, 5 Jun 2003, Jeff MacDonald wrote:
>>
>> > This should be it, and there might be a few extra files from my
>> > experimenting..
>> >
>> > drwxrwxr-x 3 rapmweb rapmweb 512 Jun 4 10:42 bin
>> > drwxr-xr-x 2 jeff rapmweb 512 Jun 4 10:30 etc
>> > drwxr-xr-x 3 root rapmweb 512 May 27 11:12 usr
>> >
>> > ./bin:
>> > -r-xr-xr-x 1 root rapmweb 63984 May 27 11:09 chmod
>> > -r-xr-xr-x 1 root rapmweb 44876 May 27 11:08 echo
>> > -r-xr-xr-x 1 jeff rapmweb 7068 Jun 4 10:20 groups
>> > -r-xr-xr-x 1 root rapmweb 297256 May 27 11:08 ls
>> > -r-xr-xr-x 1 root rapmweb 51548 May 27 11:08 mkdir
>> > -r-xr-xr-x 1 root rapmweb 58064 Jun 4 10:19 pwd
>> > -r-xr-xr-x 1 root rapmweb 47484 May 27 11:09 rmdir
>> > -rwxr-xr-x 1 jeff rapmweb 26336 Jun 4 10:42 scp
>> >
>> > ./etc:
>> > -rw-r--r-- 1 jeff rapmweb 723 Jun 4 10:24 group
>> > -rw-r--r-- 1 jeff rapmweb 3707 Jun 4 10:30 passwd
>> >
>> > ./usr:
>> > drwxr-xr-x 2 root rapmweb 512 May 27 11:12 bin
>> >
>> > ./usr/bin:
>> > -r-xr-xr-x 1 root rapmweb 7068 May 27 11:11 groups
>> >
>> > Thanks.
>> >
>> > >> -----Original Message-----
>> > >> From: wbr oblyr [mailto:joe at sublimation.org]
>> > >> Sent: Wednesday, June 04, 2003 7:12 PM
>> > >> To: Jeff MacDonald
>> > >> Cc: scponly at lists.ccs.neu.edu
>> > >> Subject: Re: [scponly] having troubles with scponlyc
>> > >>
>> > >>
>> > >>
>> > >> could you do a 'ls -lR' in your chroot dir? i don't need to see what you might be sharing in your chroot, just the system files so if you edit the results of that command, please leave in all the files relevant to scponly (with perms and other metadata.)
>> > >>
>> > >> thanks
>> > >> joe
>> > >>
>> > >> ----
>> > >>
>> > >> PGP KEY: http://www.sublimation.org/contact.html
>> > >> PGP Key fingerprint = EC4B 0DA5 B4F6 BDDD 9176 55D6 3A6A 7D63 158F 22D2
>> > >>
>> > >>
>> > >> On Wed, 4 Jun 2003, Jeff MacDonald wrote:
>> > >>
>> > >> > Hi,
>> > >> >
>> > >> > I have scponlyc set up on freebsd 4.8, the client is running winscp2 on winxp.
>> > >> >
>> > >> > The user can login, only getting the groups error, and can travel around their chrooted environment just fine, however when I try to copy a file either from the server or to the server, I have troubles.
>> > >> >
>> > >> > Copying from server to windows machine =
>> > >> > I get a popup saying "Cannot copy file: Cannot read from the source file or disk." The popup is "behind" winscp, so I have to use alt tab to get to it.
>> > >> >
>> > >> > /var/log/messages [xxxx = our hostname, blanked out.] 404.html just happened to be the file I was trying to copy.
>> > >> > Jun 4 14:37:58 xxxx [38026]: failed: /usr/bin/scp -r -p -d -f 404.html with error No such file or directory(2)
>> > >> >
>> > >> > Copying from windows machine to client =
>> > >> > Just seems to take forever.. when I click cancel it doesn't cancel.
>> > >> > So I clicked on the X in the corner, and got this message
>> > >> > "Host hasn't answered for 15 seconds.
>> > >> > Wait for another 15 seconds ? Pressing Abort yada yada..
>> > >> > Warning Aborting this operation will close connection"
>> > >> >
>> > >> > /var/log/messages [/ = the location I was trying to copy to]
>> > >> > Jun 4 14:40:11 xxxx [38063]: failed: /usr/bin/scp -r -d -t / with error No such file or directory(2)
>> > >> >
>> > >> >
>> > >> > Any hints? I think I got all the details I could.
>> > >> >
>> > >> > Thanks.
>> > >> >
>> > >> > Jeff.
>>
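
The path rule described in the thread, checked mechanically (an added example, not part of the original messages or of scponly itself): every absolute path compiled into scponlyc must exist at the same path under the chroot directory. The function names `check_chroot_paths` and `demo`, and the list of paths passed in, are assumptions; the demo tree is constructed to mirror the posted `ls -lR` layout, where `scp` sits in `bin/` while the log shows `/usr/bin/scp` being invoked.

```shell
#!/bin/sh
# check_chroot_paths CHROOT ABS_PATH...
# For each absolute path the scponly binary was built with, confirm that the
# same path exists as an executable file under CHROOT. One line per path:
#   OK <path> | MISPLACED <path> found-at <path-in-chroot> | MISSING <path>
# Returns 0 only when every path is OK.
check_chroot_paths() {
    root=${1%/}; shift
    rc=0
    for p in "$@"; do
        case $p in
            /*) ;;
            *) echo "SKIP $p (not an absolute path)"; rc=1; continue ;;
        esac
        if [ -f "$root$p" ] && [ -x "$root$p" ]; then
            echo "OK $p"
            continue
        fi
        rc=1
        # Same file name somewhere else in the chroot usually means a
        # hand-built tree that put the binary in the wrong directory.
        found=$(find "$root" -type f -name "${p##*/}" 2>/dev/null | head -n 1)
        if [ -n "$found" ]; then
            echo "MISPLACED $p found-at ${found#"$root"}"
        else
            echo "MISSING $p"
        fi
    done
    return $rc
}

# Constructed sample tree (empty placeholder files, not real binaries)
# shaped like the listing in the thread: scp only under bin/.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/bin" "$d/usr/bin"
    for f in bin/scp bin/ls usr/bin/groups; do
        : > "$d/$f"
        chmod 755 "$d/$f"
    done
    check_chroot_paths "$d" /usr/bin/scp /bin/ls /usr/bin/groups
    status=$?
    rm -rf "$d"
    return $status
}

demo || echo "chroot layout does not match the compiled-in paths"
```

This covers only the path placement; a dynamically linked binary additionally needs its libraries inside the chroot, as the reply's question about a lib dir implies.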