[scponly] Using /./ ( magic token) with scponlyc

Paul Hyder Paul.Hyder at noaa.gov
Wed May 18 11:32:46 EDT 2005


You can't "chroot" to a point below the binary directories.  To execute them
they have to be available to the user after the chroot.  The permissions
and ownership of everything in the "jail" should be set to prevent modification
but they have to be part of the user's chrooted environment.
     Paul Hyder
     NOAA Forecast Systems Lab
     Boulder, CO

Gopu Natarajan ,ECS-Chennai wrote:
> Hi Paul,
> 
> This is my passwd file entry for sftp only user:
> 
> sftp2:x:501:501::/home/sftp//ftp:/usr/local/sbin/scponlyc
> 
> I have a writable folder (./ftp) inside the chroot (/home/sftp) directory.
>
> My objective is that when the sftp users connect via WinSCP they
> should not see the chrooted directories /bin /etc .. (system directories)
> by default (even though they have access).
>
> I am getting the following error in the secure log:
> 
> : Accepted password for sftp2 from x.x.x.x port 2522 ssh2
> May 17 23:44:38 agni2 sshd[16101]: subsystem request for sftp
> May 17 18:14:38 agni2 [16102]: changing initial directory to /root/ftp
> May 17 18:14:38 agni2 [16102]: running: /usr/libexec/openssh/sftp-server (username: sftp2(501), IP/port: x.x.x.x 2522 22)
> May 17 18:14:38 agni2 [16102]: failed: /usr/libexec/openssh/sftp-server with error No such file or directory(2) (username: sftp2(501), IP/port: x.x.x.x 2522 22)
> 
> Please help me to resolve this issue.
> 
> Thanks & Regards,
> Gopu N
> IT Services
> 
> 
> 
> -----Original Message-----
> From: Paul Hyder [mailto:Paul.Hyder at noaa.gov] 
> Sent: Tuesday, May 17, 2005 9:29 PM
> To: Gopu Natarajan ECS-Chennai
> Cc: scponly at lists.ccs.neu.edu
> Subject: Re: [scponly] Using /./ ( magic token) with scponlyc
> 
> You will get the same chroot behavior with scponlyc if you use "//"
> instead of "/./" at the desired chroot point.
>        Paul Hyder
>        NOAA Forecast Systems Lab
> 
> Gopu Natarajan ,ECS-Chennai wrote:
> 
>> Hi All,
>>
>> I am new to this scponly list. We are using scponly on our sftp server
>> with the CHROOT option.
>>
>> Please let me know how I can use the magic token /./ along with scponlyc.
>>
>> (Magic token /./ is working with other shells like bash using ssh login)
>>
>> Help me to resolve this issue.
>>
>> Thanks & Regards,
>> Gopu N
>> IT Services
>>
>> Tel: +91 044 22318321 - 25 Extn: 2531
>>
>>_______________________________________________
>>scponly mailing list
>>scponly at lists.ccs.neu.edu
>>https://lists.ccs.neu.edu/bin/listinfo/scponly
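
The two points made in this thread, as a check an administrator can run from outside the jail (an added example, not part of the original messages and not scponly code): split the passwd home field at "//", confirm the helper named in the quoted log exists inside the jail, and report anything outside the upload directory that the user could modify. It assumes scponlyc chroots to the part before "//" and changes directory to the part after it; `split_chroot_home`, `user_can_write` and `audit_jail` are hypothetical names.

```python
import os
import stat

SFTP_SERVER = "/usr/libexec/openssh/sftp-server"  # helper path from the quoted log

def split_chroot_home(passwd_line):
    """Return (user, uid, jail, initial_dir) from one passwd line.

    Assumption: scponlyc chroots to the part of the home field before the
    first "//" and then changes into the part after it.
    """
    fields = passwd_line.strip().split(":")
    if len(fields) != 7:
        raise ValueError("expected 7 colon-separated passwd fields")
    jail, marker, rest = fields[5].partition("//")
    if not marker:
        raise ValueError("home field has no '//' chroot marker")
    return fields[0], int(fields[2]), jail or "/", "/" + rest.strip("/")

def user_can_write(st, uid):
    """Mode-bit check only: world-writable, or owned by uid and owner-writable."""
    if stat.S_ISLNK(st.st_mode):
        return False  # symlink mode bits are not meaningful
    owner_write = st.st_uid == uid and bool(st.st_mode & stat.S_IWUSR)
    return owner_write or bool(st.st_mode & stat.S_IWOTH)

def audit_jail(jail, initial_dir, uid, helper=SFTP_SERVER):
    """Return findings for the jail, examined from outside the chroot."""
    def inside(path):
        return os.path.normpath(os.path.join(jail, path.lstrip("/")))
    findings = []
    if not os.path.isfile(inside(helper)):
        findings.append("missing helper: " + helper)
    if not os.path.isdir(inside(initial_dir)):
        findings.append("missing initial directory: " + initial_dir)
    upload = inside(initial_dir)
    for root, dirs, files in os.walk(jail):
        # The upload area is meant to be writable, so do not descend into it.
        dirs[:] = [d for d in dirs if os.path.normpath(os.path.join(root, d)) != upload]
        for path in [root] + [os.path.join(root, f) for f in files]:
            if user_can_write(os.lstat(path), uid):
                rel = os.path.relpath(path, jail)
                findings.append("user-writable: /" + ("" if rel == "." else rel))
    return findings
```

Group write permission is not examined, and a helper that is present can still fail to start if the shared libraries it loads are not also inside the jail.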


