[scponly] sftp works but scp doesn't... any idea ?

YLB ylebihan at gmail.com
Thu Feb 23 19:23:50 EST 2006 

Hi :-)

Well, to sum up :

scponly is compiled this way:
./configure --enable-chrooted-binary --enable-rsync-compat
--enable-scp-compat --enable-winscp-compat --enable-quota-compat

Then, it is chrooted... and the syslog, when debuglevel is 1, tells :

Feb 24 00:14:52 server scponly[17695]: running: /usr/bin/groups
(username: testuser(517), IP/port: xx.yyy.zzz.uuu 1326 22)
Feb 24 00:14:52 server scponly[314]: failed: /usr/bin/groups with
error No such file or directory(2) (username: testuser(517), IP/port:
xx.yyy.zzz.uuu 1326 22)
Feb 24 00:15:00 server scponly[314]: running: /bin/pwd (username:
testuser(517), IP/port: xx.yyy.zzz.uuu 1326 22)
Feb 24 00:15:01 server scponly[314]: running: /bin/ls -la --full-time
(username: testuser(517), IP/port: xx.yyy.zzz.uuu 1326 22)
Feb 24 00:15:09 server scponly[314]: running: /usr/bin/scp -r -d -t
/testuser (username: testuser(517), IP/port: xx.yyy.zzz.uuu 1326 22)
Feb 24 00:15:09 server scponly[314]: running: /bin/ls -la --full-time
(username: testuser(517), IP/port: xx.yyy.zzz.uuu 1326 22)

and /usr/bin/groups (in /home/testuser) exists :

[root at server testuser]# pwd
/home/testuser
[root at server testuser]# cd usr/bin
[root at server bin]# ls -al
total 288
drwxr-xr-x    2 root     root         4096 fév 19 18:00 .
drwxr-xr-x    5 root     root         4096 fév 19 18:00 ..
-rwxr-xr-x    1 root     root         1669 fév 19 18:00 groups
-rwxr-xr-x    1 root     root        13532 fév 19 18:00 id
-rwxr-xr-x    1 root     root        13476 fév 19 18:00 passwd
-rwxr-xr-x    1 root     root        22992 fév 19 18:00 quota
-rwxr-xr-x    1 root     root       188104 fév 19 18:00 rsync
-rwxr-xr-x    1 root     root        32684 fév 19 18:00 scp

So, everything appears well to me :-/
Also interesting : the scp command doesn't make an error in the
syslog, but the file isn't transferred :-(

Cheers,

YLB.


2006/2/23, Paul Hyder <Paul.Hyder at noaa.gov>:
> The groups problem sounds like you didn't install the binary
> compiled from the scponly release.  (Which would mean that the
> platform's existing groups command is a shell script.)  That true?
> [I believe you aren't chrooted so using this binary is likely to
> be a bit difficult, but scponly can't execute a shell script.]
>
> Perhaps I missed it but it would be helpful to see the full
> syslog traces, with debuglevel set to 1, for a Linux scp attempt.
> (Including the scp command that was used.)
>     Paul Hyder
>
> YLB wrote:
> > No idea from anyone ?... :-/
> >
> > :-)
> >
> > Cheers,
> >
> > YLB.
> >
> >
> > 2006/2/20, YLB <ylebihan at gmail.com>:
> >
> >>Hi ! :) (and thank you very much for your answer ! :)
> >>
> >>2006/2/17, Paul.Hyder at noaa.gov <Paul.Hyder at noaa.gov>:
> >>
> >>>Time to change the value in the debuglevel file to 1 to
> >>>enable additional debug information to the syslog and
> >>>see what it indicates.
> >>
> >>Well, it's done now...
> >>
> >>
> >>>The linux scp failure sounds a bit like a jail configuration
> >>>issue.
> >>
> >>A part of the problem was this... I solved it (in fact, my shell
> >>script for accounts creation failed).
> >>But it doesn't run yet... WinSCP still answers : "Command 'groups ;
> >>echo "WinSCP: this is end-of-file:$status"' failed with bad result
> >>''."
> >>And nothing more.
> >>
> >>ls -lad is running well, now. But "groups" doesn't !
> >>
> >>The most interesting is making a su from root (from the server itself) :
> >>
> >>[root at server root]# su testuser
> >>groups
> >>WinSCP: this is end-of-file:0
> >>groups ; echo "WinSCP: this is end-of-file:$status"
> >>testuser
> >>WinSCP: this is end-of-file:0
> >>
> >>When I do the same thing than WinSCP, the server answers correctly.
> >>But when doing the same thing from the WinSCP console (using scp), I
> >>get this :
> >>
> >>/testuser$ groups
> >>/testuser$ groups ; echo "WinSCP: this is end-of-file:$status"
> >>
> >>Nothing more ! :(
> >>[and I'm unable to download/upload files using scp : I get an error
> >>like "No way to start scp transfer. Please check that scp is well
> >>installed on the server and the path is well specified in PATH
> >>variable. [...] Command failed with error code 255."
> >>Whereas : scp is in /usr/bin [in the jail] and the syslog says :
> >>
> >>Feb 19 23:44:24 server scponly[19372]: running: /bin/pwd (username:
> >>testuser(517), IP/port: xx.yyy.zzz.uuu 1989 22)
> >>Feb 19 23:44:55 server scponly[19372]: running: /bin/ls -la
> >>--full-time (username: testuser(517), IP/port: xx.yyy.zzz.uuu 1989 22)
> >>Feb 19 23:45:00 server scponly[19372]: running: /usr/bin/scp -r -d -t
> >>/testuser (username: testuser(517), IP/port: xx.yyy.zzz.uuu 1989 22)
> >>Feb 19 23:45:00 server scponly[19372]: running: /bin/ls -la
> >>--full-time (username: testuser(517), IP/port: xx.yyy.zzz.uuu 1989 22)
> >>
> >>odd, isn't it ?...
> >>I'm desperate... :-(
> >>
> >>Have a nice week, everyone ! :)
> >>
> >>Cheers,
> >>
> >>YLB.

More information about the scponly mailing list