[scponly] sftp problem with chroot on openbsd

domenico.albanese at hermess.it
Fri Jul 28 10:39:33 EDT 2006


ok, let's try:

#############################################
root at grog:/tmp/scponly-4.6# userdel -r pino
userdel: User `ospite' doesn't own directory `/home/pino', not removed
root at grog:/tmp/scponly-4.6# rm -fr /home/pino
root at grog:/tmp/scponly-4.6# chmod u+x ./setup_chroot.sh
root at grog:/tmp/scponly-4.6# ./setup_chroot.sh

Next we need to set the home directory for this scponly user.
please note that the user's home directory MUST NOT be writeable
by the scponly user. this is important so that the scponly user
cannot subvert the .ssh configuration parameters.

for this reason, a writeable subdirectory will be created that
the scponly user can write into.

Username to install [scponly]pino
home directory you wish to set for this user [/home/pino]
name of the writeable subdirectory [incoming]
install: 0: No such file or directory
install: 1: No such file or directory
install: Ref: No such file or directory

creating  /home/pino/incoming directory for uploading files
please set the password for pino:
Changing local password for pino.
New password:
Retype new password:
if you experience a warning with winscp regarding groups, please install
the provided hacked out fake groups program into your chroot, like so:
cp groups /home/pino/bin/groups
root at grog:/tmp/scponly-4.6#cp groups /home/pino/bin/groups
root at grog:/tmp/scponly-4.6# chroot -r /home/pino -v
chroot: unknown option -- r
usage: chroot [-g group,group,...] [-u user] newroot [command]
root at grog:/tmp/scponly-4.6# chroot /home/pino -v
chroot: -v: No such file or directory
root at grog:/tmp/scponly-4.6# chroot /home/pino
chroot: /usr/local/bin/bash: No such file or directory
root at grog:/tmp/scponly-4.6# ls /home/pino/usr/
bin     libexec sbin
root at grog:/tmp/scponly-4.6# mkdir /home/pino/usr/local
root at grog:/tmp/scponly-4.6# mkdir /home/pino/usr/local/bin
root at grog:/tmp/scponly-4.6# cp /usr/local/bin/bash /home/pino/usr/local/bin
root at grog:/tmp/scponly-4.6# chroot /home/pino
/usr/local/bin/bash: can't load library 'libtermcap.so.10.0'
root at grog:/tmp/scponly-4.6# find / -name libtermcap.so.10.0
/usr/lib/libtermcap.so.10.0
root at grog:/tmp/scponly-4.6# mkdir /home/pino/usr/lib
root at grog:/tmp/scponly-4.6# cp /usr/lib/libtermcap.so.10.0 /home/pino/usr/lib
root at grog:/tmp/scponly-4.6# chroot /home/pino
/usr/local/bin/bash: can't load library 'libintl.so.3.0'
root at grog:/tmp/scponly-4.6# find / -name libintl.so.3.0
/usr/local/lib/libintl.so.3.0
root at grog:/tmp/scponly-4.6# ls /home/pino/usr/local/
bin
root at grog:/tmp/scponly-4.6# mkdir /home/pino/usr/local/lib
root at grog:/tmp/scponly-4.6# cp /usr/local/lib/libintl.so.3.0 /home/pino/usr/local/lib
root at grog:/tmp/scponly-4.6# chroot /home/pino
/usr/local/bin/bash: can't load library 'libintl.so.3.0'
root at grog:/tmp/scponly-4.6# ls -las /usr/local/lib/libintl.so.3.0
80 -r--r--r--  1 root  bin  39135 Mar  1 16:23 /usr/local/lib/libintl.so.3.0
root at grog:/tmp/scponly-4.6# ls -las /home/pino/usr/local/lib/libintl.so.3.0
80 -r--r--r--  1 root  wheel  39135 Jul 28 16:20 /home/pino/usr/local/lib/libintl.so.3.0
root at grog:/tmp/scponly-4.6# chown root:bin /home/pino/usr/local/lib/libintl.so.3.0
root at grog:/tmp/scponly-4.6# chroot /home/pino
/usr/local/bin/bash: can't load library 'libc.so.39.0'
root at grog:/tmp/scponly-4.6# find / -name libc.so.39.0
/usr/lib/libc.so.39.0
root at grog:/tmp/scponly-4.6# ls /home/pino/usr/
bin     lib     libexec local   sbin
root at grog:/tmp/scponly-4.6# cp /usr/lib/libc.so.39.0 /home/pino/usr/lib
root at grog:/tmp/scponly-4.6# chroot /home/pino
/usr/local/bin/bash: can't load library 'libiconv.so.4.0'
root at grog:/tmp/scponly-4.6# find / -name libiconv.so.4.0
/usr/local/lib/libiconv.so.4.0
root at grog:/tmp/scponly-4.6# cp /usr/local/lib/libiconv.so.4.0 /home/pino/usr/local/lib/
root at grog:/tmp/scponly-4.6# chroot /home/pino
/usr/local/bin/bash: can't load library 'libintl.so.3.0'
root at grog:/tmp/scponly-4.6# find / -name libintl.so.3.0
/home/pino/usr/local/lib/libintl.so.3.0
/usr/local/lib/libintl.so.3.0
root at grog:/tmp/scponly-4.6# ls -las /home/pino/usr/local/lib/libintl.so.3.0
80 -r--r--r--  1 root  bin  39135 Jul 28 16:20 /home/pino/usr/local/lib/libintl.so.3.0
root at grog:/tmp/scponly-4.6# ls -las /usr/local/lib/libintl.so.3.0
80 -r--r--r--  1 root  bin  39135 Mar  1 16:23 /usr/local/lib/libintl.so.3.0

#############################################

?????

wait a minute.....

#############################################

root at grog:/tmp/scponly-4.6# chroot /home/pino
/usr/local/bin/bash: can't load library 'libiconv.so.4.0'
root at grog:/tmp/scponly-4.6# chroot /home/pino
/usr/local/bin/bash: can't load library 'libiconv.so.4.0'
root at grog:/tmp/scponly-4.6# chroot /home/pino
/usr/local/bin/bash: can't load library 'libiconv.so.4.0'
root at grog:/tmp/scponly-4.6# chroot /home/pino
/usr/local/bin/bash: can't load library 'libintl.so.3.0'
root at grog:/tmp/scponly-4.6# chroot /home/pino
/usr/local/bin/bash: can't load library 'libintl.so.3.0'
root at grog:/tmp/scponly-4.6# chroot /home/pino
/usr/local/bin/bash: can't load library 'libintl.so.3.0'
root at grog:/tmp/scponly-4.6# chroot /home/pino
/usr/local/bin/bash: can't load library 'libintl.so.3.0'
root at grog:/tmp/scponly-4.6# chroot /home/pino
/usr/local/bin/bash: can't load library 'libintl.so.3.0'
root at grog:/tmp/scponly-4.6# chroot /home/pino
/usr/local/bin/bash: can't load library 'libiconv.so.4.0'
root at grog:/tmp/scponly-4.6# chroot /home/pino
/usr/local/bin/bash: can't load library 'libintl.so.3.0'

#############################################

funny, round robin style :-)

emmhhh, and now ?


Dome

2006/7/28, Kaleb Pederson <kibab at icehouse.net>:
> On Friday 28 July 2006 5:22 am, domenico.albanese at hermess.it wrote:
> > chmod u+x ./setup_chroot.sh
> > ./setup_chroot.sh
> [snip]
> > Username to install [scponly]pino
> > home directory you wish to set for this user [/home/pino]
> > name of the writeable subdirectory [incoming]
> > install: 0: No such file or directory
> > install: 1: No such file or directory
> > install: Ref: No such file or directory
> [snip]
>
> > I don't understand, what did I do wrong?
>
> It doesn't look like you did anything wrong.  Notice however that there were
> errors in the setup_chroot script. It basically looks like you're missing
> some libraries within the chroot.
>
> Run `chroot -r /home/pino -v` and see what it gives you.  Then run
> `ldd /usr/libexec/sftp-server` and make sure that all the libraries that it
> mentions exist within the chroot.  If there are any of them that aren't
> present, copy them to the chroot.
>
> Let us know how everything works once you have done that.  If it still doesn't
> work there are other things that we can try to figure out what's going on.
>
> Hope that helps.
>
> --Kaleb
>
>
> > Domenico
> >
> > _______________________________________________
> > scponly mailing list
> > scponly at lists.ccs.neu.edu
> > https://lists.ccs.neu.edu/bin/listinfo/scponly
>
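The library check suggested in the quoted reply (compare what `ldd` lists against what exists inside the chroot) can be scripted instead of discovering one missing library per `chroot` attempt. The following is an added example, not part of the original messages or of scponly; the names `ldd_paths`, `missing_in_chroot` and `SAMPLE_LDD` are illustrative, the sample `ldd` table is constructed, and the parser goes slightly beyond the thread by also accepting the Linux `name => /path` layout.

```shell
#!/bin/sh
# Added example: report files that an ldd listing names but a chroot lacks.

# Constructed sample in the OpenBSD table layout (addresses zeroed).
SAMPLE_LDD='/usr/libexec/sftp-server:
        Start    End      Type Ref Name
        00000000 00000000 exe   1  /usr/libexec/sftp-server
        00000000 00000000 rlib  1  /usr/lib/libc.so.39.0
        00000000 00000000 rtld  1  /usr/libexec/ld.so'

# ldd_paths: read ldd output on stdin, print each absolute path once.
# Only fields that begin with "/" are emitted, so header words and numeric
# columns (Start, Ref, 0, 1, ...) are never mistaken for file names.
ldd_paths() {
    awk '
        # Linux form: name => /path (addr)
        /=>/ { for (i = 1; i < NF; i++)
                   if ($i == "=>" && $(i+1) ~ /^\//) print $(i+1)
               next }
        # OpenBSD table: the path is the last column; skip the "binary:" title
        $NF ~ /^\// && $NF !~ /:$/ { print $NF; next }
        # Linux loader line: /lib/ld.so (addr)
        $1 ~ /^\// && $1 !~ /:$/ { print $1 }
    ' | LC_ALL=C sort -u
}

# missing_in_chroot ROOT: read ldd output on stdin and print every listed
# path (binary, libraries, run-time loader) that does not exist under ROOT.
missing_in_chroot() {
    root=$1
    ldd_paths | while IFS= read -r p; do
        [ -e "$root$p" ] || printf '%s\n' "$p"
    done
}

# Stand-alone use: sh thisfile BINARY CHROOT_DIR
if [ "$#" -eq 2 ]; then
    ldd "$1" | missing_in_chroot "$2"
fi
```

Each printed path is a file to copy to the same relative location under the chroot; the `rtld` row shows that the run-time loader itself has to be present there as well as the libraries.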


