[scponly] Re: scponly

Sven Hoexter sven at timegate.de
Tue Mar 18 22:52:04 EST 2003


On Tue, Mar 18, 2003 at 01:12:56PM -0800, wbr oblyr wrote:

Hi Joe, hi Chris, hi all,

> it looks like the chroot environment isn't quite right, but i'm not
> sure.
Well it's a nightmare to make such a thing portable over all flavours of unix.

> it's a good idea to look at setup_chroot.sh and to try to manually
> accomplish the same steps - this way you will understand better what needs
> to be accomplished and how the script is failing you.
Regarding the setup_chroot.sh script I thought about rewriting it or rather
implementing another solution. In the last weeks I looked into several solutions
for automatic chroot setup but most of them are written for daemons like the
Apache httpd or OpenSSHD and they use ldd and strace to find out which
libs are needed and some generic information about config files.
Well I think such a tool is not really suitable for scponly because it's a shell
and not a daemon and sftp-server, rsync and few other things can't be located
with ldd and strace. So I thought about other ways to get on a clean base.
One way would be to set up file lists for all needed files on every os (this
differs a little bit between some unix flavours and Linux) and search for them
with find and/or locate. Would be easy to set up but a time and cpu consuming
task to set up the chroot on the server.
I would prefer to set up flat ascii tables with 2+x fields per row in the format
filename;common-path1;common-pathx
It would be easy to parse this file with awk and we can then place the file
into the same location in the chroot where we found it in the real system.
Well it's some work to collect a master file list for every unix flavour and
nearly all Linux Distributions + sub releases.
In cases of symlinks to libs I see two ways we could deal with it:
1. Add another field into the db with a flag f for file and s for symlink
In the case of a symlink we would have to add the name of the file we link to
in the next field.

2. Test before we copy what we have.

These are just a few thoughts about how we could deal with the chroot stuff.
I'm willing to write something asap but I'm very busy ATM so I would love to
hear something from other users and maybe somebody has the question to the
answer 42 ;P

Sven

-- 
It really sucks to give your heart to a girl
You want to know her like she knows the whole world
But 10 seconds in, it's obvious, your going nowhere...
[Bowling for Soup - Drunk Enough To Dance - I Don't Wanna Rock]
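
The flat-table idea from the message above, sketched as an added example (not part of the original post and not scponly's setup_chroot.sh): awk reads `filename;common-path1;common-pathx` rows, the first common path that exists is copied to the same location below the chroot, and symlinks are handled the second way, by testing before copying. The function names, the `demo` tree and the use of `readlink` are assumptions.

```shell
#!/bin/sh
# Added example (not scponly's setup_chroot.sh): populate a chroot from a
# "filename;common-path1;common-pathx" table, as proposed in the message.
# Assumes readlink(1) exists and that paths contain no whitespace.

copy_into() {  # copy_into SRC ROOT: place SRC at the same path below ROOT
    src=$1; root=$2; hops=0
    while [ -L "$src" ]; do              # way 2: test what we have before copying
        hops=$((hops + 1)); [ "$hops" -le 8 ] || return 1   # refuse link loops
        link=$(readlink "$src")
        mkdir -p "$root$(dirname "$src")" && ln -sf "$link" "$root$src" || return 1
        case $link in                    # follow the link to the file it names
            /*) src=$link ;;
            *)  src=$(dirname "$src")/$link ;;
        esac
    done
    [ -f "$src" ] || return 1
    mkdir -p "$root$(dirname "$src")" && cp -p "$src" "$root$src"
}

populate_chroot() {  # populate_chroot TABLE ROOT: prints names found nowhere
    awk -F';' '!/^#/ && NF >= 2 {
        printf "%s", $1
        for (i = 2; i <= NF; i++) printf " %s/%s", $i, $1
        print ""
    }' "$1" |
    while read -r name candidates; do
        found=no
        for c in $candidates; do         # first common path that exists wins
            if [ -e "$c" ] && copy_into "$c" "$2"; then found=yes; break; fi
        done
        [ "$found" = yes ] || echo "$name"
    done
}

demo() {  # demo WORKDIR: constructed sample tree and table, not real system data
    sys=$1/sys; mkdir -p "$sys/usr/lib" "$sys/usr/libexec"
    echo lib > "$sys/usr/lib/libz.so.1.2"
    ln -s libz.so.1.2 "$sys/usr/lib/libz.so.1"
    echo bin > "$sys/usr/libexec/sftp-server"
    printf '%s\n' "# filename;common-path1;common-pathx" \
        "sftp-server;$sys/usr/lib/openssh;$sys/usr/libexec" \
        "libz.so.1;$sys/lib;$sys/usr/lib" \
        "rsync;$sys/usr/bin;$sys/usr/local/bin" > "$1/files.tbl"
    populate_chroot "$1/files.tbl" "$1/jail"
}

demo "$(mktemp -d)"   # prints "rsync": listed in the table, absent from the sample tree
```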

