[scponly] Second Jail not working...

Paul Hyder Paul.Hyder at noaa.gov
Fri Feb 23 15:03:04 EST 2007


Hmmm, then the behavior would make sense if the "parents" user was
executing an scponly binary that wasn't suid.  Next step is to verify
that the top level password file shell entry points to a binary that
is root owned and SUID.  {something like using scponly instead of
scponlyc or two different binaries one of which isn't properly chowned}

     Paul Hyder

mephi wrote:
> Ok, /share/parents exists and has the same permissions as /share/jail/,
> here's the directory structure:
> 
> mephi-linux:/share/parents# ls -l
> total 20
> drwxr-xr-x  2 root    root  4096 2007-02-23 16:32 bin
> drwxr-xr-x  2 root    root  4096 2007-02-23 16:32 etc
> drwxr-xr-x  3 root    root  4096 2007-02-23 16:32 lib
> drwxrwxrwx  2 parents users 4096 2007-02-23 16:32 parents
> drwxr-xr-x  4 root    root  4096 2007-02-23 16:32 usr
> 
> mephi-linux:/share/parents# du
> 8       ./etc
> 1016    ./usr/lib/i686/cmov
> 1020    ./usr/lib/i686
> 1124    ./usr/lib
> 328     ./usr/bin
> 1456    ./usr
> 372     ./bin
> 1528    ./lib/tls
> 1792    ./lib
> 4       ./parents
> 3636    .
> 
> 
> -----Original Message-----
> From: Paul Hyder [mailto:Paul.Hyder at noaa.gov] 
> Sent: 23 February 2007 19:03
> To: mephi
> Cc: scponly at lists.ccs.neu.edu
> Subject: Re: [scponly] Second Jail not working...
> 
> The chroot is failing.  Start by verifying that /share/parents exists,
> has proper permissions, and is a directory.
> 
> If that doesn't solve the problems please provide details of the
> directory structure starting at /share/parents.
>     Paul Hyder
> 
> 
> mephi wrote:
>> I've got a Debian server with an scponly jail set up in /share/jail/, this
>> works fine. And I can rsync to it from Windows using the command:
>>
>> rsync -e ssh -av --delete "/rsync" mephi@xxx.xxx.xxx.xxx:/jail/test
>>
>> This gives the output:
>>
>> [893]: chrooted binary in place, will chroot()
>> [893]: 3 arguments in total.
>> [893]:  arg 0 is scponlyc
>> [893]:  arg 1 is -c
>> [893]:  arg 2 is rsync --server -vlogDtpr --delete . /jail/test
>> [893]: opened log at LOG_AUTHPRIV, opts 0x00000029
>> [893]: retrieved home directory of "/share/jail" for user "mephi"
>> [893]: chrooting to dir: "/share/jail"
>> [893]: chdiring to dir: "/"
>> [893]: setting uid to 1003
>>
>> I'm trying to set up a second area in /share/parents/ for my parents to
>> back up over rsync to, this doesn't work fine.
>>
>> I've set up a second area using the setup_chroot script that I originally
>> used for the first area, but I get errors when I try to connect with the
>> rsync command:
>>
>> rsync -e ssh -av --delete "/rsync" parents@xxx.xxx.xxx.xxx:/parents
>>
>> errors:
>>
>> [979]: chrooted binary in place, will chroot()
>> [979]: 3 arguments in total.
>> [979]:  arg 0 is scponlyc
>> [979]:  arg 1 is -c
>> [979]:  arg 2 is rsync --server -vlogDtpr --delete . /parents
>> [979]: opened log at LOG_AUTHPRIV, opts 0x00000029
>> [979]: retrieved home directory of "/share/parents" for user "parents"
>> [979]: chrooting to dir: "/share/parents"
>> [979]: chroot: Operation not permitted
>>
>> Does anyone know why?
>>
>> Matt
> 
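
The check suggested at the top of this message (the passwd shell entry must point to a root-owned, SUID binary), written out as an added example; it is not part of the original thread or of scponly. The function names are hypothetical, the demo's passwd lines and stand-in files are constructed, and the expected owner uid is a parameter (default 0) so the demo runs without root.

```sh
#!/bin/sh
# Added example (not scponly code): verify a user's passwd shell is an
# SUID binary owned by the expected uid. chroot() needs root, hence uid 0.

# shell_of PASSWD USER: print the login shell (field 7); status 1 if no entry.
shell_of() {
    awk -F: -v u="$2" '$1 == u { print $7; found = 1; exit }
                       END { exit !found }' "$1"
}

# check_shell PASSWD USER [OWNER_UID]: print a verdict; status 0 only if OK.
# OWNER_UID defaults to 0 (root); it is a parameter so the demo runs unprivileged.
check_shell() {
    want_uid=${3:-0}
    sh_path=$(shell_of "$1" "$2") || { echo "no-entry"; return 2; }
    [ -f "$sh_path" ] || { echo "missing:$sh_path"; return 3; }
    owner=$(ls -lnL -- "$sh_path" | awk '{ print $3 }')   # numeric owner uid
    [ "$owner" = "$want_uid" ] || { echo "bad-owner:$owner"; return 4; }
    [ -u "$sh_path" ] || { echo "not-suid:$sh_path"; return 5; }
    echo "ok:$sh_path"
}

# demo: constructed passwd lines and empty stand-in files, not real binaries.
demo() {
    d=$(mktemp -d) || return 1
    me=$(id -u)
    : > "$d/scponlyc"; chmod 4755 "$d/scponlyc"   # setuid bit set
    : > "$d/scponly";  chmod 0755 "$d/scponly"    # same owner, no setuid bit
    printf '%s\n' "mephi:x:1003:100::/share/jail:$d/scponlyc" \
                  "parents:x:1004:100::/share/parents:$d/scponly" > "$d/passwd"
    check_shell "$d/passwd" mephi "$me"   || :
    check_shell "$d/passwd" parents "$me" || :
    rm -rf "$d"
}

# On a real host: sh thisfile /etc/passwd parents   (owner defaults to uid 0)
if [ "$#" -ge 2 ]; then check_shell "$@"; else demo; fi
```

A `not-suid` or `bad-owner` verdict for one user and `ok` for the other matches the symptom in the thread: the same chroot setup works for one account and fails with "Operation not permitted" for the second.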