AW: AW: [Maybe Spam][L] [scponly] scponly chroot jail on Solaris 8 (Intel)

Lammel Roland roland.lammel at kapsch.net
Tue Jul 13 03:00:09 EDT 2004


Luckily for scponly the chroot requirements are a little lower, so only scp/sftp itself has to work, so there is no need for too much else.

It works for me quite well in that setup.

+rl

-----Original Message-----
From: scponly-bounces at lists.ccs.neu.edu [mailto:scponly-bounces at lists.ccs.neu.edu] On Behalf Of Anthony Brock
Sent: Monday, 12 July 2004 22:43
To: scponly at lists.ccs.neu.edu
Subject: Re: AW: [Maybe Spam][L] [scponly] scponly chroot jail on Solaris 8 (Intel)

Just a thought, but you'll likely need to add '/usr/lib/security' to your chroot. There are several libraries that can be loaded dynamically based on configuration files (such as /etc/nsswitch.conf), of which this is a single example.

Good luck. It can take quite a while to configure a properly functioning Solaris (or Linux) chroot. However, once finished, I've found them to be quite stable and usable.

Tony


>>> Lammel Roland <roland.lammel at kapsch.net> 07/11/04 10:56PM >>>
Maybe as a starting point, here's what I have in the chroot jail for scponlyc
(this is Solaris 8 Sparc, so there might be some differences)

Cheers

+rl

# find /home/jail
/home/jail
/home/jail/usr
/home/jail/usr/bin
/home/jail/usr/sbin
/home/jail/usr/local
/home/jail/usr/local/lib
/home/jail/usr/local/bin
/home/jail/usr/local/bin/scp
/home/jail/usr/local/libexec
/home/jail/usr/local/libexec/sftp-server
/home/jail/usr/lib
/home/jail/usr/lib/libc.so.1
/home/jail/usr/lib/libdl.so.1
/home/jail/usr/lib/libgen.so.1
/home/jail/usr/lib/libmp.so.2
/home/jail/usr/lib/libnsl.so.1
/home/jail/usr/lib/libpam.so.1
/home/jail/usr/lib/libsocket.so.1
/home/jail/usr/lib/ld.so
/home/jail/usr/lib/ld.so.1
/home/jail/usr/lib/nss_compat.so.1
/home/jail/usr/lib/nss_files.so.1
/home/jail/usr/libexec
/home/jail/usr/libexec/openssh
/home/jail/usr/ucb
/home/jail/usr/ucb/ls
/home/jail/usr/ucb/ln
/home/jail/usr/ucb/chown
/home/jail/usr/platform
/home/jail/usr/platform/SUNW,Ultra-4
/home/jail/usr/platform/SUNW,Ultra-4/lib
/home/jail/usr/platform/SUNW,Ultra-4/lib/libc_psr.so.1
/home/jail/lib
/home/jail/lib/ld.so
/home/jail/bin
/home/jail/bin/rm
/home/jail/bin/mv
/home/jail/bin/chmod
/home/jail/bin/chgrp
/home/jail/bin/mkdir
/home/jail/bin/rmdir
/home/jail/etc
/home/jail/etc/passwd
/home/jail/incoming
/home/jail/incoming/oem.gif 

-----Original Message-----
From: scponly-bounces at lists.ccs.neu.edu [mailto:scponly-bounces at lists.ccs.neu.edu] On Behalf Of Sue Bauer-Lee
Sent: Monday, 12 July 2004 05:38
To: scponly at lists.ccs.neu.edu
Subject: [Maybe Spam][L] [scponly] scponly chroot jail on Solaris 8 (Intel)

Great package. I've finally had a chance to attempt implementation.
First a Solaris Intel transfer system, then on to a RH Enterprise
system. As have others, I ran the setup_chroot..... script. It didn't
create a bin directory... seems like lots of stuff is missing. 

Has anyone successfully created this environment on a Solaris system?
What are the suggested contents of the jail directories (bin, etc, usr)?
Is a "dev" required? Also, is it better to create a "/home/users" jail
with the above listed system directories and the individual user
directories below, or a separate jail for each user?

TIA for the help. This is my last attempt at being able to deploy a
limited access scp/sftp user tomorrow since the standard company wide
sco wrapper shell isn't working with WinSCP......


_______________________________________________
scponly mailing list
scponly at lists.ccs.neu.edu 
https://lists.ccs.neu.edu/bin/listinfo/scponly 
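
An added example, not part of the thread and not scponly's own code: two shell functions that audit a jail for the libraries discussed above, both the ones ldd reports and the NSS modules that are loaded at run time from nsswitch.conf and so never appear in ldd output. The function names are hypothetical, and the NSS module naming (nss_<source>.so.1 under /usr/lib) is an assumption taken from the Solaris listing in the thread.

```shell
#!/bin/sh
# Added example: report libraries a chroot jail is missing.
# Function names are hypothetical; nothing here comes from scponly itself.

# Read ldd-style output on stdin and print every resolved library path
# that does not exist under the jail root given as $1.
jail_missing_libs() {
    jail=$1
    awk '{ for (i = 1; i < NF; i++)
               if ($i == "=>" && $(i+1) ~ /^\//) print $(i+1) }' |
    sort -u |
    while read -r lib; do
        [ -e "$jail$lib" ] || printf '%s\n' "$lib"
    done
}

# Print the NSS modules that nsswitch.conf file $2 names for database $3
# (e.g. passwd) and that are absent under jail root $1.
# Assumption: Solaris naming, /usr/lib/nss_<source>.so.1, as in the listing.
# These modules are dlopen()ed at run time, so ldd never reports them.
jail_missing_nss() {
    jail=$1 conf=$2 db=$3
    # Drop comments and [STATUS=action] criteria, then list the sources.
    sed -e 's/#.*//' -e 's/\[[^]]*\]//g' "$conf" |
    awk -v db="$db:" '$1 == db { for (i = 2; i <= NF; i++) print $i }' |
    while read -r src; do
        mod=/usr/lib/nss_$src.so.1
        [ -e "$jail$mod" ] || printf '%s\n' "$mod"
    done
}

# Typical use on the host, outside the jail (paths from the thread):
#   ldd /usr/local/libexec/sftp-server | jail_missing_libs /home/jail
#   jail_missing_nss /home/jail /etc/nsswitch.conf passwd
```

Empty output from both functions means every library named by ldd and by the chosen nsswitch.conf database is present in the jail.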


