[scponly] won't someone _please_ think of the archives ? (scponly + unison + chroot)

Ensel Sharon user at dhp.com
Wed Oct 4 11:05:53 EDT 2006



On Tue, 3 Oct 2006, Kaleb Pederson wrote:

> That seems really strange and doesn't make sense to me.  Can you strace the 
> ssh process that execs unison (capturing output for child processes) and send 
> it to me?
> 
> If you can, I'll take a look and let you know.
> 
> > See the problem ?  In both cases unison is spitting back to the _remote
> > user_ the full path leading into the chroot - something that, IMO, they
> > should never see.
> 
> Yes.  Unless it is somehow in the chroot (like the /etc/passwd file within the 
> chroot) or scponly is doing something strange, I don't see how that would 
> happen -- note that I haven't looked at any of the unison specific code 
> though.


Well, perhaps this is my fault then.

My setup is simple - everyone has the same home directory:

/home

And that is in _both_ the root /etc/passwd and the chroot /etc/passwd

And inside of /home are a bunch of "incoming" directories, one per user -
the user has no right (except traversal) to /home, and has no rights at
all to any of the incoming dirs except their own.

This allows me to maintain only a single chroot skeleton (/etc,/bin,/usr
and so on).  Further, this has worked great - no problems with any ssh apps
(except unison).

BUT, you are correct - both /etc/passwd and (chroot)/etc/passwd contain
the same thing:  /home   for everyone's home directory.

What would you put in its place ?



(honestly I just thought the home-dir field in the chroot/etc/passwd was
just a placeholder and didn't matter - which was somewhat justified given
that it has worked wonderfully, until unison)

(are you sure Paul Hyder wasn't correct and that my setup is ok, and there
is just a bug related to unison ?)



