[scponly] Cannot start sftp-server session under scponlyc control on RH-Linux9.0
david.kubel
david.kubel at reachtelecom.co.uk
Fri Sep 19 15:39:01 EDT 2003
I too am trying to use the /usr/local/sbin/scponlyc alternative shell on a RedHat 9.0 system with the latest tarball of scponly 3.8, and I also believe I've read the documentation: INSTALL, README and man scponly.
Having patched the setup_chroot.sh.in file for the @PROD_USERADD@ issue, I can create a new user and run through the 'make jail' process without a problem, though I do get errors about the following missing files:
/usr/bin/install: cannot create regular file `/home/ftp4//lib/tls/libc.so.6': No such file or directory
/usr/bin/install: cannot create regular file `/home/ftp4//usr/kerberos/lib/libcom_err.so.3': No such file or directory
/usr/bin/install: cannot create regular file `/home/ftp4//usr/kerberos/lib/libgssapi_krb5.so.2': No such file or directory
/usr/bin/install: cannot create regular file `/home/ftp4//usr/kerberos/lib/libk5crypto.so.3': No such file or directory
/usr/bin/install: cannot create regular file `/home/ftp4//usr/kerberos/lib/libkrb5.so.3': No such file or directory
/usr/bin/install: cannot stat `/lib/ld.so': No such file or directory
I copied the following into the chroot directory:
/lib/tls/libc.so.6
/usr/kerberos/lib/libcom_err.so.3
/usr/kerberos/lib/libgssapi_krb5.so.2
/usr/kerberos/lib/libk5crypto.so.3
/usr/kerberos/lib/libkrb5.so.3
/lib/ld-2.3.2.so (and linked it to ld.so)
Using WinSCP 3.2.1, the connection is authorised by sshd but the sftp-server connection exits with error code 127 and no meaningful or helpful message. If I change the shell in the real /etc/passwd file to /usr/local/bin/scponly (the non-chroot binary) then the SFTP session starts OK, but I can roam outside the home directory as expected.
I've tried copying other stuff into the chroot directory, like the contents of /etc/ssh, etc., but nothing I try works. I've also tried re-making the binaries explicitly stating the --enable-winscp-compat option. An ldd of the sftp-server binary shows up no surprises either.
How do I get sftp-server to produce a debug log to help identify why it is exiting so, and where is the log placed?
Do I still need the bash executable in the chrooted bin directory if I'm only using sftp-server sessions?
David.
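
Added example, not part of the original post and not scponly's own code: a shell check for the situation described above, which takes `ldd`-style output and lists every shared object that is absent under a chroot root. The function names and the sample `ldd` lines are constructed; `/home/ftp4` and the Kerberos and libc paths are the ones quoted in the post.

```shell
#!/bin/sh
# Added example: report shared objects named in ldd-style output that are
# missing under a chroot root. Function names and sample data are constructed.

# ldd_paths: read ldd-style output on stdin, print one absolute path per line.
# Handles "name => /path (addr)" and "/path (addr)"; entries without a path
# (a vdso line, or "name => not found") are skipped.
ldd_paths() {
    awk '
        $2 == "=>" && $3 ~ /^\// { print $3; next }
        $1 ~ /^\//               { print $1 }
    ' | LC_ALL=C sort -u
}

# missing_in_jail JAIL: read ldd-style output on stdin and print every
# library path that is not a readable file under JAIL.
missing_in_jail() {
    jail=${1%/}
    ldd_paths | while IFS= read -r lib; do
        # -r follows symlinks, so a dangling link in the jail is reported too
        [ -r "$jail$lib" ] || printf '%s\n' "$lib"
    done
}

# Constructed sample of ldd output, using library paths quoted in the post.
sample_ldd() {
    cat <<'EOF'
    libkrb5.so.3 => /usr/kerberos/lib/libkrb5.so.3 (0x00101000)
    libcom_err.so.3 => /usr/kerberos/lib/libcom_err.so.3 (0x00202000)
    libc.so.6 => /lib/tls/libc.so.6 (0x42000000)
    /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
EOF
}

# Real use, with the path to the binary filled in for the local system:
#   ldd /path/to/sftp-server | missing_in_jail /home/ftp4
```

Because the check runs from outside the jail, an absolute symlink inside it is resolved against the host root rather than the jail root, so a link that passes here can still dangle once chrooted.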