[scponly] Permission denied

Kaleb Pederson kpederson at mail.ewu.edu
Thu Mar 31 19:04:55 EST 2005 

It's most likely something at the system level.  It really sounds like a shell 
problem because it's happening before the user gets to access scponly, but 
you indicated that it is present.  Perhaps there is a permissions problem on 
the file or something else of that nature.

If they happen to be getting to scponly, then you could do something like the 
following to turn up debugging:

echo "1" > /etc/scponly/debuglevel

Once you up your debuglevel (change the path above as necessary), then you 
should get quite a few messages in the log when the user is actually getting 
to scponly, but I doubt that's the problem.

If you still can't figure it out, you could strace your ssh process and find 
out what ssh is doing for authentication and the associated failure.

--Kaleb

On Thursday 31 March 2005 3:54 pm, you wrote:
> Yep, and I just confirmed it.
>
> CD
>
> Kaleb Pederson said this while chewing gum:
> > Is scponlyc listed as a valid shell in /etc/shells (or its equivalent)?
> > If
> > not, that would explain the behavior.
> >
> > --Kaleb
> >
> > On Thursday 31 March 2005 2:44 pm, Chris de Vidal wrote:
> >> Update: if I change the shell to /usr/bin/scponly, that works.  Didn't
> >> have to recompile.  Something is weird about the scponlyc binary.
> >>
> >> Ideas?
> >>
> >> CD
> >>
> >> Chris de Vidal said this while chewing gum:
> >> > scponly version 4.0
> >> > Debian 3.0 (Woody)
> >> >
> >> >
> >> > Great program!!!  Unfortunately I can't get it to work.  I'm getting
> >> > "permission denied" in /var/log/auth.log.
> >> >
> >> >
> >> >
> >> > I compiled my copy of the software like this:
> >> > ./configure --disable-scp-compat --disable-gftp-compat
> >> > --enable-chrooted-binary --prefix=/usr
> >> >
> >> > (By the way, --disable-winscp-compat fails during compile.  Dunno
> >>
> >> why.)
> >>
> >> > make
> >> > make install
> >> >
> >> > Added these lines to /etc/shells:
> >> > /usr/bin/scponly
> >> > /usr/sbin/scponlyc
> >> >
> >> > I then ran "make jail" and gave it the scponly username and set his
> >>
> >> home
> >>
> >> > directory to /portal (where I want all my users to be chrooted).
> >> >
> >> >
> >> > When I log in via SFTP I get these messages in /var/log/auth.log:
> >> > Mar 31 16:57:04 dl2 sshd[15205]: Accepted password for scponly from
> >> > 172.19.6.89 port 2279 ssh2
> >> > Mar 31 16:57:04 dl2 sshd[15207]: subsystem request for sftp
> >> > Mar 31 16:57:04 dl2 PAM_unix[15207]: (ssh) session opened for user
> >> > scponly by (uid=1005)
> >> > Mar 31 21:57:04 dl2 [15208]: running: /usr/lib/sftp-server (username:
> >> > scponly(1005), IP/port: 172.19.6.89 2279 602)
> >> > Mar 31 21:57:04 dl2 [15208]: failed: /usr/lib/sftp-server with error
> >> > Permission denied(13) (username: scponly(1005), IP/port: 172.19.6.89
> >>
> >> 2279
> >>
> >> > 602)
> >> >
> >> > When I changed the shell to /bin/bash the scponly user could then log
> >>
> >> in.
> >>
> >> > Permissions of /portal are 2775.
> >> >
> >> > Ideas?
> >> >
> >> > CD
> >> >
> >> > _______________________________________________
> >> > scponly mailing list
> >> > scponly at lists.ccs.neu.edu
> >> > https://lists.ccs.neu.edu/bin/listinfo/scponly
> >>
> >> _______________________________________________
> >> scponly mailing list
> >> scponly at lists.ccs.neu.edu
> >> https://lists.ccs.neu.edu/bin/listinfo/scponly
> >
> > _______________________________________________
> > scponly mailing list
> > scponly at lists.ccs.neu.edu
> > https://lists.ccs.neu.edu/bin/listinfo/scponly

More information about the scponly mailing list