[scponly] chroot fails without warning - everything still works

Paul Hyder Paul.Hyder at noaa.gov
Fri Jun 16 12:17:08 EDT 2006


Fred Fiat wrote:
>> ...
> 
> Jun 16 17:00:53 HOST scponly[8806]: 3 arguments in total.
> Jun 16 17:00:53 HOST scponly[8806]:  arg 0 is /usr/local/sbin/scponlyc
> Jun 16 17:00:53 HOST scponly[8806]:  arg 1 is -c
> Jun 16 17:00:53 HOST scponly[8806]:  arg 2 is sftp-server
> Jun 16 17:00:53 HOST scponly[8806]: opened log at LOG_AUTHPRIV, opts 0x00000009
> Jun 16 17:00:53 HOST scponly[8806]: retrieved home directory of "/home/test1" for user "test1"
> Jun 16 17:00:53 HOST scponly[8806]: setting uid to 1035
> Jun 16 17:00:53 HOST scponly[8806]: processing request: "sftp-server"
> Jun 16 17:00:53 HOST scponly[8806]: running: /usr/bin/sftp-server (username: test1(1035), IP/port: ::1 51149 ::1 22)
> 

Fred,
Quick sanity check:  Were there other scponly syslog lines?  In a chrooted environment
there would have been a set starting with:
  "chrooted binary in place, will chroot()"
	and ending with
  "chrooting to dir: ..."
  {and a couple of chdir messages}

If they weren't there (I doubt they were) please check the value of CHROOTED_NAME in
config.h.  {i.e. It sounds like there may be one more thing going on in your case.}

The trace above indicates that a full path is seen for scponlyc.  That would in fact
disable the chroot since the code checks argv[0] for the exact string in CHROOTED_NAME
and that is normally "scponlyc".

What is the OS?  (The quick fix >might< be to change CHROOTED_NAME but it would be
better to find out exactly what is happening.)

    Paul Hyder
    NOAA Earth System Research Laboratory, Global Systems Division, HPC
    Boulder, CO
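
Added example (not part of the original message and not scponly's own code): a log audit that flags sessions where the chroot binary ran a command but never logged "chrooting to dir:", the silent failure discussed above. The sample log is constructed; it assumes the syslog carries the same kinds of lines as the quoted trace, and the text after "chrooting to dir:" and the second session are made up for illustration.

```python
import re
from collections import defaultdict

# Constructed sample (not from a real host). PID 8806 mirrors the quoted trace;
# PID 9100 is a made-up session that did log the chroot messages.
SAMPLE_LOG = """\
Jun 16 17:00:53 HOST scponly[8806]:  arg 0 is /usr/local/sbin/scponlyc
Jun 16 17:00:53 HOST scponly[8806]: setting uid to 1035
Jun 16 17:00:53 HOST scponly[8806]: running: /usr/bin/sftp-server (username: test1(1035), IP/port: ::1 51149 ::1 22)
Jun 16 17:05:10 HOST scponly[9100]:  arg 0 is scponlyc
Jun 16 17:05:10 HOST scponly[9100]: chrooted binary in place, will chroot()
Jun 16 17:05:10 HOST scponly[9100]: chrooting to dir: "/home/test2"
Jun 16 17:05:10 HOST scponly[9100]: running: /usr/bin/sftp-server (username: test2(1036), IP/port: ::1 51200 ::1 22)
"""

LINE_RE = re.compile(r"\sscponly\[(\d+)\]:\s*(.*)$")
ARG0_RE = re.compile(r"^arg 0 is (\S+)$")


def audit(log_text, chrooted_name="scponlyc"):
    """Return (pid, argv0, argv0_is_not_exact_name) for unchrooted sessions.

    Sessions are keyed by PID only; PID reuse over long logs is ignored here.
    """
    sessions = defaultdict(lambda: {"arg0": "", "chrooted": False, "ran": False})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        pid, msg = m.group(1), m.group(2).strip()
        arg0 = ARG0_RE.match(msg)
        if arg0:
            sessions[pid]["arg0"] = arg0.group(1)
        elif msg.startswith("chrooting to dir:"):
            sessions[pid]["chrooted"] = True
        elif msg.startswith("running:"):
            sessions[pid]["ran"] = True

    findings = []
    for pid, s in sessions.items():
        # Invoked as the chroot binary (by basename), ran a command, no chroot logged.
        is_chroot_binary = s["arg0"].rsplit("/", 1)[-1] == chrooted_name
        if is_chroot_binary and s["ran"] and not s["chrooted"]:
            findings.append((pid, s["arg0"], s["arg0"] != chrooted_name))
    return findings


if __name__ == "__main__":
    for pid, arg0, not_exact in audit(SAMPLE_LOG):
        print(f"pid {pid}: argv[0]={arg0!r} ran without chroot (argv[0] not exact name: {not_exact})")
```

The third field is true when argv[0] is not the bare name, which is the condition the reply identifies as disabling the chroot.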


