From explosive at hvc.rr.com Thu May 6 20:39:53 2004 From: explosive at hvc.rr.com (Johann Koenig) Date: Thu May 6 20:40:02 2004 Subject: [scponly] logging to wtmp Message-ID: <20040506203953.6ca9a986@note> How can I get scponly to log to wtmp? I'm running Debian Sid with scponly 3.9. Is this a configuration setting that I'm missing? I can see the information in /var/log/auth.log, but it doesn't seem to be logging anywhere else. Thank you -- -johann koenig Now Playing: The Offspring - Come Out and Play : Smash Today is Sweetmorn, the 53rd day of Discord in the YOLD 3170 My public pgp key: http://mental-graffiti.com/pgp/ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : https://lists.ccs.neu.edu/pipermail/scponly/attachments/20040506/577951c1/attachment.bin From joris at v5.be Sat May 15 03:57:35 2004 From: joris at v5.be (Joris) Date: Sat May 15 03:57:49 2004 Subject: [scponly] unison HOME variable? Message-ID: <40A5CD6F.3090501@v5.be> Hi, I think I've got scponly all set up, but unison fails with: Contacting server... Fatal error: exception Util.Fatal("Environment variable HOME not found") Fatal error: Lost connection with the server I don't see any way of setting the $HOME variable, there's obviously no shell to set it in. I set up scponly 3.11 on a debian stable machine, with unison 2.9.1, in a chrooted setup. Everything else seems to be working. Any help or pointers would be greatly appreciated -- Greetings Joris joris@v5.be From nhb at nexgo.de Fri May 21 13:50:28 2004 From: nhb at nexgo.de (Hendrik Brummermann) Date: Fri May 21 13:49:56 2004 Subject: [scponly] Webpage: Underlining of a-tag Message-ID: <40AE4164.9060501@nexgo.de> Hello, I think it is very difficult to read the web-page and find links because a lot of text is underlined. Please remove the following line from the style sheet to prevent " : :' : http://david.hexstream.eu.org/ `. `'` PGP key ID: 507B379B on wwwkeys.pgp.net `- Debian - when you have better things to do than to fix a system. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 232 bytes Desc: not available Url : https://lists.ccs.neu.edu/pipermail/scponly/attachments/20040525/bb8808f2/attachment.bin From martysp at toadmail.com Tue May 25 17:22:01 2004 From: martysp at toadmail.com (Marty Saletta) Date: Tue May 25 17:19:19 2004 Subject: [scponly] Can scponly and sftplogging patch co-exist? In-Reply-To: References: Message-ID: <8FFEE5BE-AE91-11D8-A753-000393970870@toadmail.com> Hi Michelle (and rest of list), As part of normal security procedures, I had already removed the following packages even before building OpenSSH: SUNWsshdu SUNWsshdr SUNWsshr SUNWsshu SUNWsshcu Am I missing anything else? pkginfo | grep -i ssh doesn't return anything else. So I take it you've got the sftplogger + scponly working on Solaris? Please, any build hints would be welcomed... Thanks! Marty On May 25, 2004, at 4:12 PM, Michelle Smer wrote: > i had the same problem. remove the ssh packages that come > with Solaris 9. my guess is that it's linked to the original > sftp. > michelle > > > ---- Original message ---- >> Date: Tue, 25 May 2004 14:27:19 -0400 >> From: Marty Saletta >> Subject: [scponly] Can scponly and sftplogging patch co- > exist? >> To: scponly@lists.ccs.neu.edu >> >> >> To the scponly gurus: >> >> I've been trying out scponly/scponlyc for a short time > now, and >> everything seems to work fine until I try to apply the > sftplogging >> patch from http://sftplogging.sourceforge.net. >> >> I'm trying to build scponly 3.11 and sftplogging patch > 1.2 with >> OpenSSH 3.8p1 on >> a Sparc Solaris 9 system. It seems that I'm able to run > the patched >> ssh code >> to get logging without scponly users, and I'm able to have > scponly >> users with >> the unpatched ssh code- both work well by themselves. The > problem is >> that >> when I set up an scponly/scponlyc user with the patched ssh > code, >> I see in my messages file that sftp-server starts, and the > next line >> is sftp-server dumping core, causing the session to end. >> >> I originally suspected the chroot environment, but I > have the same >> problem >> for both scponly and scponlyc, so that can't be it, right? >> >> Has anyone successfully built OpenSSH with the > sftplogging patch and >> rolled in >> scponly on Solaris 9? Any help would be appreciated. >> >> Thanks! >> Marty >> >> >> _______________________________________________ >> scponly mailing list >> scponly@lists.ccs.neu.edu >> https://lists.ccs.neu.edu/bin/listinfo/scponly > From david at hexstream.eu.org Tue May 25 18:18:47 2004 From: david at hexstream.eu.org (David Ramsden) Date: Tue May 25 18:18:05 2004 Subject: [scponly] scponly 3.11 various bug fixes - patch released. Message-ID: <20040525221847.GA2331@hexstream> Hi, First of all a disclaimer: This isn't an official patch released by the author of scponly :) I've finally cracked the chdir problem in scponly and also found a few other bugs whilst doing this so I've decided to release a patch on my website[1] Firstly, this patch adds correct chdir support to scponly when used as a chrooted binary. This has been a problem from the very start (IIRC). If you're wondering why scponlyc does not chdir when using something like /home/fred//incoming then this patch is for you. Secondly, I found a few typos in the UNISON compatibility code. There was a reference to "EXIT_FAIL" (should be EXIT_FAILURE) and "debug" (should be debuglevel) - this is addressed in my patch. The patch is against version 3.11, from the scponly website. To apply, cd in to the scponly-3.11 directory after untar'ing and first run: $ patch -p0 --dry-run < ../scponly-3.11-bugfixes.patch If this applies without failing, run: $ patch -p0 < ../scponly-3.11-bugfixes.patch Lastly - I'm not a great C programmer. There might be better ways of implementing my chdir fix but it works for me and works well. I have bug tested it too. I think it's "secure" too. i.e. safe from buffer overflows. [1] http://david.hexstream.eu.org/scponly-3.11-bugfixes.patch Hope this helps everyone. Regards, David. -- .''`. David Ramsden : :' : http://david.hexstream.eu.org/ `. `'` PGP key ID: 507B379B on wwwkeys.pgp.net `- Debian - when you have better things to do than to fix a system. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 232 bytes Desc: not available Url : https://lists.ccs.neu.edu/pipermail/scponly/attachments/20040525/5bde89d2/attachment.bin From Paul.Hyder at noaa.gov Tue May 25 18:34:25 2004 From: Paul.Hyder at noaa.gov (Paul Hyder) Date: Tue May 25 18:34:30 2004 Subject: [scponly] Re: chdir in chroot problem (re-visited) In-Reply-To: <20040525205927.GA27012@hexstream> References: <20040525192532.GA86@hexstream> <20040525205927.GA27012@hexstream> Message-ID: <40B3C9F1.3000703@noaa.gov> Ok, it is time to ask: Which operating system is this? The behavior you desire should already be working, i.e. if the top level /etc/passwd file has a home directory for a user that is /home/fred//www AND the directory /home/fred/www exists then that is the directory scponlyc should see as that user's home. This also means the scponlyc support directories (etc,bin,etc) have been installed in /home/fred. (i.e. "This works for me on Linux. What's different in your setup?") Almost sounds like a chroot behavior difference. Paul Hyder NOAA Forecast Systems Lab Boulder, CO FYI: Home directory capture occurred at line 145 with the call to helper.c:get_uservar. David Ramsden wrote: > On Tue, May 25, 2004 at 08:25:32PM +0100, david wrote: > [snip] > >>So when they login, they automatically get chdir'ed to ~/www >>This doesn't work when using scponlyc - It does work however when using >>scponly >> >>So it's something either wrong in scponlyc itself or with my chroot. But >>others have reported this too and I believe before scpjailer was >>announced. >> > > [snip] > > OK - I've been poking around with the source and this is what I've > found: > > scponly.c, line 158 - The while loop gets the "root directory", > excluding any additional chdir stuff. So it you had > /home/fred//www, this gets transformed to /home/fred which is used > to chroot() later. > > scponly.c, line 170 - Here, it chroot()'s to the determined "root > directory". i.e. /home/fred but it does not honour any additional chdir > stuff. This was disregarded ealier in the while() to determine the > correct "root directory" to chroot() to. > > So after the chroot() stuff (line 170 of scponly.c) it needs to do a > chdir() if it's needed to "/www" for example if earlier, the > homedir was something like /home/fred//www (taken from > /etc/passwd). > > I'm not really a great C programmer - I believe this is what needs to be > done here to fix this problem once and for all. Can someone knock up a > patch as a kind of proof-of-concept? > > I can manually hack it. So after the chroot() at line 170, I can add in > chdir("/www") as if it was correctly honouring "/home/fred//www" and it > works fine. > > I hope this helps! > Look forward to seeing this bug fixed, if indeed I'm on the right track. > > Regards, > David. > > > ------------------------------------------------------------------------ > > _______________________________________________ > scponly mailing list > scponly@lists.ccs.neu.edu > https://lists.ccs.neu.edu/bin/listinfo/scponly From david at hexstream.eu.org Tue May 25 19:10:05 2004 From: david at hexstream.eu.org (David Ramsden) Date: Tue May 25 19:09:16 2004 Subject: [scponly] Re: chdir in chroot problem (re-visited) In-Reply-To: <40B3C9F1.3000703@noaa.gov> References: <20040525192532.GA86@hexstream> <20040525205927.GA27012@hexstream> <40B3C9F1.3000703@noaa.gov> Message-ID: <20040525231005.GA367@hexstream> On Tue, May 25, 2004 at 04:34:25PM -0600, Paul Hyder wrote: > Ok, it is time to ask: Which operating system is this? Debian GNU/Linux 3.0 (woody). Kernel 2.4.26 w/ grsecurity patch. > > The behavior you desire should already be working, i.e. if > the top level /etc/passwd file has a home directory for a user > that is /home/fred//www AND the directory /home/fred/www exists > then that is the directory scponlyc should see as that user's home. Yes - this is correct. get_uservar() in helper.c is indeed setting the correct data in the global homedir variable. i.e. /home/fred//www But look in scponly.c:154 as I said - it takes homedir (chrootdir) and using a pointer, removes any chdir stuff from it - i.e. everything after two forward slashes are found. This is so it can chroot() correctly. After this, there is no call to chdir() to make it honour //www for example. I also believe you need to force a chdir() after a chroot() for security reasons. Well, various sources say you MUST do a chdir() after the chroot "otherwise the old current directory will be accessible as "." out the new root!" (quoting from a website). grsecurity in my case may be forcing a chdir("/") anyway. > This also means the scponlyc support directories (etc,bin,etc) > have been installed in /home/fred. (i.e. "This works for me on > Linux. What's different in your setup?") > Yes - there is no problem with the chroot itself. There seems to be a bug in scponly.c that needs to be addressed. Thinking about this, the patch I posted should really force a chdir("/") if no "//www" or whatever is found in homedir for security reasons. I shall ammend that now. Thanks. David. -- .''`. David Ramsden : :' : http://david.hexstream.eu.org/ `. `'` PGP key ID: 507B379B on wwwkeys.pgp.net `- Debian - when you have better things to do than to fix a system. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 232 bytes Desc: not available Url : https://lists.ccs.neu.edu/pipermail/scponly/attachments/20040526/1c90c2bf/attachment.bin From david at hexstream.eu.org Tue May 25 19:25:14 2004 From: david at hexstream.eu.org (David Ramsden) Date: Tue May 25 19:24:25 2004 Subject: [scponly] Re: scponly 3.11 various bug fixes - patch released. In-Reply-To: <20040525221847.GA2331@hexstream> References: <20040525221847.GA2331@hexstream> Message-ID: <20040525232514.GA10372@hexstream> On Tue, May 25, 2004 at 11:18:47PM +0100, david wrote: > Hi, > [snip] > > I've finally cracked the chdir problem in scponly and also found a few > other bugs whilst doing this so I've decided to release a patch on my > website[1] > [snip] Replying to my own post again - sorry for all the posts today! I've just updated my patch again because of something security related I've uncovered whilst researching this: After a call to chroot(), chdir("/") MUST be called or the chroot() can be broken out of. For me, the bug originally came about because I'm using grsecurity which enforces a chdir("/") on any call to chroot() to make it more secure. In my updated patch, the chng_dir variable has a default of "/" so even if you're not using something like /home/fred//www and/or not using grsecurity, it'll still chdir("/") after the chroot() call. I'd personally strongly recommend this is fixed ASAP because the current chroot() function can be broken out of very easily. [1] http://david.hexstream.eu.org/scponly-3.11-bugfixes.patch So in conclusion - anyone having chdir problems where "/home/fred//incoming" (for example) isn't chdir'ing to /incoming after the chroot should get this problem fixed with this patch. But more importantly it fixes a security issue in scponly! Thanks and regards, David. -- .''`. David Ramsden : :' : http://david.hexstream.eu.org/ `. `'` PGP key ID: 507B379B on wwwkeys.pgp.net `- Debian - when you have better things to do than to fix a system. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 232 bytes Desc: not available Url : https://lists.ccs.neu.edu/pipermail/scponly/attachments/20040526/be6c9192/attachment-0001.bin From david at hexstream.eu.org Tue May 25 20:38:23 2004 From: david at hexstream.eu.org (David Ramsden) Date: Tue May 25 20:37:31 2004 Subject: [scponly] Re: scponly 3.11 various bug fixes - patch released. In-Reply-To: <40B3E40F.5060306@noaa.gov> References: <20040525221847.GA2331@hexstream> <20040525232514.GA10372@hexstream> <40B3E40F.5060306@noaa.gov> Message-ID: <20040526003823.GA31088@hexstream> On Tue, May 25, 2004 at 06:25:51PM -0600, Paul Hyder wrote: > >After a call to chroot(), chdir("/") MUST be called or the chroot() can > >be broken out of. For me, the bug originally came about because I'm > >using grsecurity which enforces a chdir("/") on any call to chroot() to > >make it more secure. > > Ok, I'm curious, in scponly without a shell how can you break out of > the chroot? (There is a lot scponly already won't let you do. > Always interested in what might need to be added.) Yes, this is true Paul. Sorry - I totally overlooked that! How silly of me. But as a matter of secure programming and principle I believe the current implementation isn't technically "secure" (OK - nothing is) and is therefore a security hole, if you like. > > But your behavior does make sense if grsecurity is doing an explicit > chdir. (Otherwise you should already be in the home directory.) Indeed. It's all falling in to place now. There is no problem getting in to the chroot'ed home directory - it just doesn't 1.) honour "/home/fred//incoming" style $HOME's 2.) make a call to chdir(2) as it really should do. Thanks for your feedback and interest. This is the first patch I've ever released for any open source software so I hope what I'm rambling on about is sound and the patch is OK :-) Kind regards to you. David. -- .''`. David Ramsden : :' : http://david.hexstream.eu.org/ `. `'` PGP key ID: 507B379B on wwwkeys.pgp.net `- Debian - when you have better things to do than to fix a system. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 232 bytes Desc: not available Url : https://lists.ccs.neu.edu/pipermail/scponly/attachments/20040526/47c6cf22/attachment.bin From thomas at wana.at Wed May 26 03:36:59 2004 From: thomas at wana.at (Thomas Wana) Date: Wed May 26 03:42:11 2004 Subject: [scponly] scponly 3.11 various bug fixes - patch released. In-Reply-To: <20040525221847.GA2331@hexstream> References: <20040525221847.GA2331@hexstream> Message-ID: <200405260936.59560.thomas@wana.at> Am Mittwoch, 26. Mai 2004 00:18 schrieb David Ramsden: > > [1] http://david.hexstream.eu.org/scponly-3.11-bugfixes.patch ... > snprintf(chng_dir, FILENAME_MAX, root_dir + 1, strlen(root_dir)); Just a note, don't use string constants as format strings. While this is no format string bug here, this is the typical source of format string bugs. Someone changes something here in the future and *bang*. Additionally, the strlen(root_dir) at the end is unneccessary. Instead, use snprintf(chng_dir, FILENAME_MAX, "%s", root_dir + 1); Tom > > Hope this helps everyone. > Regards, > David. From thomas at wana.at Wed May 26 03:59:13 2004 From: thomas at wana.at (Thomas Wana) Date: Wed May 26 04:04:21 2004 Subject: [scponly] scponly 3.11 various bug fixes - patch released. In-Reply-To: <200405260936.59560.thomas@wana.at> References: <20040525221847.GA2331@hexstream> <200405260936.59560.thomas@wana.at> Message-ID: <200405260959.13434.thomas@wana.at> Am Mittwoch, 26. Mai 2004 09:36 schrieb Thomas Wana: > Instead, use > > snprintf(chng_dir, FILENAME_MAX, "%s", root_dir + 1); > > Tom > Aside from that, I think the patch is justified and should be included in scponly. Joe, please release scponly 3.12 (along with the source cleanups I requested) Thanks, Tom From david at hexstream.eu.org Wed May 26 04:06:51 2004 From: david at hexstream.eu.org (David Ramsden) Date: Wed May 26 04:05:58 2004 Subject: [scponly] scponly 3.11 various bug fixes - patch released. In-Reply-To: <200405260936.59560.thomas@wana.at> References: <20040525221847.GA2331@hexstream> <200405260936.59560.thomas@wana.at> Message-ID: <20040526080651.GA4459@hexstream> On Wed, May 26, 2004 at 09:36:59AM +0200, Thomas Wana wrote: > Am Mittwoch, 26. Mai 2004 00:18 schrieb David Ramsden: > > > > [1] http://david.hexstream.eu.org/scponly-3.11-bugfixes.patch > ... > > snprintf(chng_dir, FILENAME_MAX, root_dir + 1, strlen(root_dir)); > > Just a note, don't use string constants as format strings. > While this is no format string bug here, this is the typical > source of format string bugs. Someone changes something > here in the future and *bang*. > Sorry. My bad. That was ment to look more like your line (below), with a format string in there! Thanks for finding that :-) > Additionally, the strlen(root_dir) at the end is unneccessary. > > Instead, use > > snprintf(chng_dir, FILENAME_MAX, "%s", root_dir + 1); > [snip] I've updated my patch, just in case anyone wishes to use it! Much appreciated Tom. As I said, I'm not a great C programmer but I "get by" :) If anyone has the time, maybe scponly should be run through `splint' to check for any programming errors. Just a thought. Kind regards. David. -- .''`. David Ramsden : :' : http://david.hexstream.eu.org/ `. `'` PGP key ID: 507B379B on wwwkeys.pgp.net `- Debian - when you have better things to do than to fix a system. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 232 bytes Desc: not available Url : https://lists.ccs.neu.edu/pipermail/scponly/attachments/20040526/d173c738/attachment.bin From joe at sublimation.org Wed May 26 16:47:21 2004 From: joe at sublimation.org (wby oblyr) Date: Wed May 26 16:49:08 2004 Subject: [scponly] scponly 3.11 various bug fixes - patch released. In-Reply-To: <20040526080651.GA4459@hexstream> References: <20040525221847.GA2331@hexstream> <200405260936.59560.thomas@wana.at> <20040526080651.GA4459@hexstream> Message-ID: <20040526204721.GD41258@paragon> thanks for this patch, david, i will incorporate your patch with a careful eye and release scponly 3.12 shortly. also note that the UNISON bugs have been reported by numerous people, and they too will be fixed in 3.12 thanks all, joe David Ramsden wrote this message on Wed, May 26, 2004 at 09:06 +0100: > On Wed, May 26, 2004 at 09:36:59AM +0200, Thomas Wana wrote: > > Am Mittwoch, 26. Mai 2004 00:18 schrieb David Ramsden: > > > > > > [1] http://david.hexstream.eu.org/scponly-3.11-bugfixes.patch > > ... > > > snprintf(chng_dir, FILENAME_MAX, root_dir + 1, strlen(root_dir)); > > > > Just a note, don't use string constants as format strings. > > While this is no format string bug here, this is the typical > > source of format string bugs. Someone changes something > > here in the future and *bang*. > > > > Sorry. My bad. That was ment to look more like your line (below), with a > format string in there! > Thanks for finding that :-) > > > Additionally, the strlen(root_dir) at the end is unneccessary. > > > > Instead, use > > > > snprintf(chng_dir, FILENAME_MAX, "%s", root_dir + 1); > > > [snip] > > I've updated my patch, just in case anyone wishes to use it! > Much appreciated Tom. As I said, I'm not a great C programmer but I "get > by" :) > > If anyone has the time, maybe scponly should be run through `splint' to > check for any programming errors. Just a thought. > > Kind regards. > David. > -- > .''`. David Ramsden > : :' : http://david.hexstream.eu.org/ > `. `'` PGP key ID: 507B379B on wwwkeys.pgp.net > `- Debian - when you have better things to do than to fix a system. > _______________________________________________ > scponly mailing list > scponly@lists.ccs.neu.edu > https://lists.ccs.neu.edu/bin/listinfo/scponly -- ---- PGP KEY: http://www.sublimation.org/contact.html PGP Key fingerprint = EC4B 0DA5 B4F6 BDDD 9176 55D6 3A6A 7D63 158F 22D2 From brently at bjwcs.com Fri May 28 15:02:49 2004 From: brently at bjwcs.com (Brent Wiese) Date: Fri May 28 15:03:30 2004 Subject: [scponly] Scponlyc and symlinks Message-ID: <20040528190257.EIPR26330.fed1rmmtao09.cox.net@SAMBA> This was one of those "D'Oh!" moments, but hoping maybe there is a workaround. I have a user running scponlyc shell. Because of space problems on the partition they're on, I had to move their web logs directory to another partition. No problem, I just symlinked the dir so I wouldn't have to reconfigure their stats software, apache configs, etc. But, since that symlink goes outside the chroot'd dir, the user can't grab his logs. I really want to avoid switching them to scponly w/o chroot. Is there a way around this? And by that I don't mean "yeah, install a new large drive and stick them on it" kind of workaround... ;) Please respond to me off-list as my listserve email folder tends to get quite large and I don't get to it frequently enough. Thanks! Brent From sven at timegate.de Sat May 29 08:50:34 2004 From: sven at timegate.de (Sven Hoexter) Date: Sat May 29 08:50:58 2004 Subject: [scponly] Scponlyc and symlinks In-Reply-To: <20040528190257.EIPR26330.fed1rmmtao09.cox.net@SAMBA> References: <20040528190257.EIPR26330.fed1rmmtao09.cox.net@SAMBA> Message-ID: <20040529125034.GB1751@sven.home.hoaxter.de> On Fri, May 28, 2004 at 12:02:49PM -0700, Brent Wiese wrote: Hi [symlink outside chroot()] > I really want to avoid switching them to scponly w/o chroot. Is there a way > around this? And by that I don't mean "yeah, install a new large drive and > stick them on it" kind of workaround... ;) > > Please respond to me off-list as my listserve email folder tends to get > quite large and I don't get to it frequently enough. Might be possible to do multiple mounts with the --bind option. That's possible with Linux 2.4.x and better. I don't know about other OS and such features. General simple answer is: no. Sven -- If God passed a mic to me to speak I'd say stay in bed, world Sleep in peace [The Cardigans - No sleep] From sven at timegate.de Sat May 29 11:49:55 2004 From: sven at timegate.de (Sven Hoexter) Date: Sat May 29 11:50:37 2004 Subject: [scponly] scponly articel in german LinuxMagazine Message-ID: <20040529154955.GE1751@sven.home.hoaxter.de> Hi, donno if it's interesting for someone but in the latest LinuxMagazin in germany is an article about scponly. I haven't had the time to read it so far so I don't know if it's usefull or not. Sven -- If God passed a mic to me to speak I'd say stay in bed, world Sleep in peace [The Cardigans - No sleep] From lupe at lupe-christoph.de Sun May 30 04:59:10 2004 From: lupe at lupe-christoph.de (Lupe Christoph) Date: Sun May 30 04:59:26 2004 Subject: [scponly] Scponlyc and symlinks In-Reply-To: <20040529125034.GB1751@sven.home.hoaxter.de> References: <20040528190257.EIPR26330.fed1rmmtao09.cox.net@SAMBA> <20040529125034.GB1751@sven.home.hoaxter.de> Message-ID: <20040530085910.GA1538@lupe-christoph.de> On Saturday, 2004-05-29 at 14:50:34 +0200, Sven Hoexter wrote: > On Fri, May 28, 2004 at 12:02:49PM -0700, Brent Wiese wrote: > > I really want to avoid switching them to scponly w/o chroot. Is there a way > > around this? And by that I don't mean "yeah, install a new large drive and > > stick them on it" kind of workaround... ;) > > Please respond to me off-list as my listserve email folder tends to get > > quite large and I don't get to it frequently enough. > Might be possible to do multiple mounts with the --bind option. That's > possible with Linux 2.4.x and better. I don't know about other OS and such > features. It's at least possible in Solaris an FreeBSD. Mechanisms differ. For Solaris, you use the lofs, loopback filesystem (man lofs). For FreeBSD, you use the "null layer" (man mount_null). HTH, Lupe Christoph -- | lupe@lupe-christoph.de | http://www.lupe-christoph.de/ | | "... putting a mail server on the Internet without filtering is like | | covering yourself with barbecue sauce and breaking into the Charity | | Home for Badgers with Rabies. Michael Lucas |