[scponly] scp error "Unknown user ID"

[Daniel G. Epstein]

At Thu Jun 9 13:37:50 EDT 2005 Anthony Brock Anthony_Brock at ous.edu wrote:

> Alvin Trinh <alvin.trinh at gmail.com> 06/09/05 10:11AM
>
> > I have set up scponlyc with chrooted and when I run the scp command
> > I get the error "Unknown user ID".  Any one here has any ideas?
>
> Does the target user account exist inside the chroot'ed /etc/passwd
> file? For example, if I want to connect as "foobar" to a chroot'ed
> environment inside /home/scponly, I need the account listed inside
> BOTH of the following files:
>
> /etc
> /home/scponly/etc/passwd

On BSD variants I think you'll need to run vipw to create the user
database and other password files that some programs will require {in
addition to|instead of} the actual passwd file.  For instance, I created
a simple passwd file in my chroot's etc directory with the single line:

  scponly:*:2222:2222:SCP Only User::

Then I ran vipw against that version with the -d flag ('vipw -d
/home/scponly/etc'), saved and exited, and ended up with:

  -rw-------  1 root  scponly    118 Oct  2 18:57 master.passwd
  -rw-r-----  1 root  scponly    113 Oct  2 18:57 passwd
  -rw-r-----  1 root  scponly  40960 Oct  2 18:57 pwd.db
  -rw-------  1 root  scponly  40960 Oct  2 18:57 spwd.db

Now scp connections to the chrooted account work for me on FreeBSD-4.11.
I should note that I built the package from the ports tree and used the
/usr/local/share/examples/scponly/setup_chroot.sh script to create my
chroot.  However, I've also made some changes to the default permissons
and ownership in the chroot to prevent other users on the system from
having access to the chroot.

Take it easy,

Dan

--

A boast of "I have been's,"  | Daniel G. Epstein
quoted from foolscap tomes,  | Audio Engineer
is a shadow brushed away     |
by an acorn from an oak tree | Rootlike Technologies, Inc.
or a salmon in a pool.       | http://www.rootlike.com/

GnuPG public keys available from http://pgp.mit.edu/