[scponly] chroot problem on Redhat AS3

Scott Koch koch at uselinux.us
Wed Apr 26 21:35:47 EDT 2006 

I have scponly installed and setup to be used on my system. However
it seems to be having some trouble chrooting. For some reason the ssh
process is changing uids to the testuser before it does the chroot. I
know that chrooting does not work for not uid 0 users, but I am not sure
why it is changeing users *before* trying to chroot. Any help is
appreciated.

-Scott

/etc/passwd entry:

testuser:x:513:513:FTP test user:/testchroot//pub:/bin/scponlyc

This is the message I get in my logs:

Apr 26 21:28:09 myhost scponly[4834]: chrooted binary in place, will
chroot()
Apr 26 21:28:09 myhost scponly[4834]: 3 arguments in total.
Apr 26 21:28:09 myhost scponly[4834]:        arg 0 is scponlyc
Apr 26 21:28:09 myhost scponly[4834]:        arg 1 is -c
Apr 26 21:28:09 myhost scponly[4834]:        arg 2 is
/usr/libexec/openssh/sftp-server
Apr 26 21:28:09 myhost scponly[4834]: opened log at LOG_AUTHPRIV,
opts 0x00000009
Apr 26 21:28:09 myhost scponly[4834]: retrieved home directory of
"/testchroot//pub" for user "testuser"
Apr 26 21:28:09 myhost scponly[4834]: chrooting to dir: "/testchroot"
Apr 26 21:28:09 myhost scponly[4834]: chroot: Operation not permitted
Apr 26 21:28:09 myhost scponly[4834]: couldn't chroot to /testchroot
[username: testuser(513), IP/port: ::ffff:xxx.xxx.xxx.xxx 38295 15000]

root# ls -la /testchroot
total 96
drwxr-xr-x   7 root testuser 4096 Apr 26 19:27 .
drwxr-xr-x  29 root root     4096 Apr 26 20:12 ..
-rw-r--r--   1 root testuser  304 Apr 23 00:59 .bash_logout
-rw-r--r--   1 root testuser  191 Apr 23 00:59 .bash_profile
-rw-r--r--   1 root testuser  124 Apr 23 00:59 .bashrc
drwxr-xr-x   2 root testuser 4096 Apr 26 20:23 bin
-rw-r--r--   1 root testuser  383 Apr 23 00:59 .emacs
drwxr-xr-x   2 root testuser 4096 Apr 26 19:31 etc
-rw-r--r--   1 root testuser  120 Apr 23 00:59 .gtkrc
drwxr-xr-x   3 root testuser 4096 Apr 26 19:54 lib
drwxr-xr-x   2 root testuser 4096 Apr 26 19:27 pub
drwxr-xr-x   5 root testuser 4096 Apr 26 19:22 usr

root# ls -la /bin/scponlyc
-rwsr-xr-x  1 root root 30099 Apr 26 19:15 /bin/scponlyc


-- 
==============================================
Scott Koch                                    
koch at uselinux.us                
http://www.uselinux.us                     
==============================================

More information about the scponly mailing list