[scponly] chroot fails without warning - everything still works
Kaleb Pederson
kpederson at mail.ewu.edu
Fri Jun 16 10:49:16 EDT 2006
Fred,
Please do the following to turn on debug mode:
echo 1 > /usr/local/etc/scponly/debuglevel
Once debug mode is on, you'll get additional syslog output. Please post that
output and we should be better able to help.
Also, please run and provide us the output of:
getent passwd test1 || grep test1 /etc/passwd
Thanks.
--Kaleb
On Friday 16 June 2006 7:34 am, Fred Fiat wrote:
> Hello,
>
> scponly seemed to be working great, until I tested the chroot
> functionality. With chroot, I am able to view the root / dir, and files in
> the root /tmp/ dir (i.e. dirs outside of the chroot).
>
> Hope someone can help.
>
> The install went fine, I built using
> ./configure --enable-chrooted-binary --disable-wildcards
> --disable-winscp-compat
>
> I'm now trying the "make jail" script, here is what I answered:
>
> # make jail
> [snip]
> Username to install [scponly]test1
> home directory you wish to set for this user [/home/test1]
> name of the writeable subdirectory [incoming]
> creating /home/test1/incoming directory for uploading files
>
> Your platform (Linux) does not have a platform specific setup script.
> This install script will attempt a best guess.
> If you perform customizations, please consider sending me your changes.
> Look to the templates in build_extras/arch.
> - joe at sublimation dot org
>
> please set the password for test1:
> New password:
> Bad password: too short
> Re-enter new password:
> Password changed
> [snip]
>
>
>
> then I tried the new account:
>
> # sftp test1 at localhost
> Warning: Need basic cursor movement capability, using vt100
> warning: Need basic cursor movement capability, using vt100
> test1 at localhost's password:
> sftp> ls -l /tmp
>
> It lets me see the contents of the root (i.e. out of chroot) /tmp/
> directory! Yikes!
>
> What have I done wrong?
>
> _______________________________________________
> scponly mailing list
> scponly at lists.ccs.neu.edu
> https://lists.ccs.neu.edu/bin/listinfo/scponly
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : https://lists.ccs.neu.edu/pipermail/scponly/attachments/20060616/4e2fb602/attachment.bin
More information about the scponly
mailing list