[scponly] rsync using chRoot on Suse 10.2

Kaleb Pederson kibab at icehouse.net
Wed Mar 14 21:41:34 EDT 2007


John,

You might want to take a look at entry number three in the FAQ.  If you strace 
the ssh server process per those instructions, we could then find out exactly 
what's going on -- well, most likely :)

http://sublimation.org/scponly/wiki/index.php/FAQ

Also, you can verify, and may already have verified, that /home/client1 has all the 
valid libraries installed by using ldconfig -v -r /home/client1 and verifying 
that all the other libraries are installed.

One other common error is simply missing the /dev/null device within the 
chroot.

I hope that helps.

--Kaleb

On Wednesday 14 March 2007, John Timmons wrote:
> They do indeed have 755 permissions.
>
> User can't do an ls as only rsync is enabled on that account (No shell)
>
> John
>
> On 13/03/07, Paul Hyder <Paul.Hyder at noaa.gov> wrote:
> > And all of the intermediate directories (/home/client1/usr/bin) also have
> > permissions of 755?  [A non-root user on this host can do an ls and see
> > /home/client1/usr/bin/rsync?]
> >
> > Were any other configure options selected?
> >        Paul Hyder
> >
> > John Timmons wrote:
> > > Thanks for replying
> > >
> > >
> > > The rsync switch was used to compile scponly and rsync does exist in
> > > /home/client1/usr/bin/rsync :(
> > >
> > > All files in there are owned by root but have 0755 permissions
> > >
> > >
> > > Regards
> > >
> > >
> > > John
> > >
> > > On 12/03/07, Paul Hyder <Paul.Hyder at noaa.gov> wrote:
> > >> The message indicates that /home/client1/usr/bin/rsync is either
> > >> missing or has bad permissions.  [i.e. This looks like something is
> > >> missing from the jail.]
> > >>
> > >> First step is to double check your configure flags to make sure that
> > >> the build used "--enable-rsync-compat" and then to see if the rsync
> > >> binary is in the jail.
> > >>     Paul Hyder
> > >>
> > >> John Timmons wrote:
> > >> > I have been struggling to get rsync to work under a chRooted account
> > >> > using Scponly.
> > >> >
> > >> > If I change the user /etc/passwd to use the non chRoot scponly rsync
> > >> > works fine
> > >> > but if I use
> > >> > client1:x:1000:100::/home/client1:/usr/local/sbin/scponlyc
> > >> >  then I get the 0 byte connection error.
> > >> >
> > >> > I have patched Scponly to get around the -e or --server errors.
> > >> >
> > >> > I have ldd'd rsync and I have all the libraries
> > >> > running on Scponly 4.6
> > >> >
> > >> >
> > >> > Ran "make jail" to create the chRoot account etc
> > >> >
> > >> > Incoming folder is /home/client1/backup
> > >> >
> > >> >
> > >> > Rsync command I'm running is
> > >> >
> > >> > rsync -av /cygdrive/c/text client1 at domain.name:/home/client1/backup
> > >> >
> > >> > /cygdrive/c/text is just some test files
> > >> >
> > >> > and have tried
> > >> > client1 at domain.name:/home/client1/backup
> > >> > client1 at domain.name:/home/client1/backup/
> > >> > client1 at domain.name:/backup
> > >> > client1 at domain.name:/backup/
> > >> > client1 at domain.name:/
> > >> >
> > >> >
> > >> > log looks like this
> > >> >
> > >> > Mar 11 00:38:16 MyServer sshd[25240]: Accepted
> > >> > keyboard-interactive/pam for client1 from xxx.xxx.xxx.xxx port 2402
> > >> > ssh2
> > >> > Mar 11 00:38:16 MyServer scponly[25246]: chrooted binary in place,
> > >> > will chroot()
> > >> > Mar 11 00:38:16 MyServer scponly[25246]: 3 arguments in total.
> > >> > Mar 11 00:38:16 MyServer scponly[25246]:      arg 0 is scponlyc
> > >> > Mar 11 00:38:16 MyServer scponly[25246]:      arg 1 is -c
> > >> > Mar 11 00:38:16 MyServer scponly[25246]:      arg 2 is rsync
> > >> > --server -vvvvvvlogDtpr . /home/client1/backup
> > >> > Mar 11 00:38:16 MyServer scponly[25246]: opened log at LOG_AUTHPRIV,
> > >> > opts 0x00000009
> > >> > Mar 11 00:38:16 MyServer scponly[25246]: retrieved home directory of
> > >> > "/home/client1" for user "client1"
> > >> > Mar 11 00:38:16 MyServer scponly[25246]: chrooting to dir:
> > >> > "/home/client1"
> > >> > Mar 11 00:38:16 MyServer scponly[25246]: chdiring to dir: "/"
> > >> > Mar 10 23:38:16 MyServer scponly[25246]: setting uid to 1000
> > >> > Mar 10 23:38:16 MyServer scponly[25246]: processing request: "rsync
> > >> > --server -vvvvvvlogDtpr . /home/client1/backup"
> > >> > Mar 10 23:38:16 MyServer scponly[25246]: running: /usr/bin/rsync
> > >> > --server -vvvvvvlogDtpr . /home/client1/backup (username:
> > >> > client1(1000), IP/port: xxx.xxx.xxx.xxx 2402 22)
> > >> > Mar 10 23:38:16 MyServer scponly[25246]: failed: /usr/bin/rsync
> > >> > --server -vvvvvvlogDtpr . /home/client1/backup with error No such
> > >> > file or directory(2) (username: client1(1000), IP/port:
> > >> > xxx.xxx.xxx.xxx 2402 22)
> > >> >
> > >> >
> > >> >
> > >> > However if I change that user to
> > >> >
> > >> >
> > >> > client1:x:1000:100::/home/client1:/usr/local/bin/scponly
> > >> >
> > >> > the rsync works fine :(
> > >> >
> > >> > Any thoughts on what I am doing wrong??
> > >> >
> > >> >
> > >> > regards
> > >> >
> > >> >
> > >> > John
> > >> >
> > >> > _______________________________________________
> > >> > scponly mailing list
> > >> > scponly at lists.ccs.neu.edu
> > >> > https://lists.ccs.neu.edu/bin/listinfo/scponly
>
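
The checks suggested in this thread (binary present in the jail, 755 on every intermediate directory, all libraries present, /dev/null present) can be run in one pass. The script below is an added example, not part of the original messages or of scponly; the function names check_jail and ldd_paths are hypothetical, and the library check assumes ldd output in the usual glibc format.

```shell
#!/bin/sh
# Added example: audit a chroot jail for the failure causes raised in this thread.
# Prints one line per problem; returns 0 only when nothing is wrong.

# Print the absolute paths found in ldd output on stdin. Handles both
# "libc.so.6 => /lib/libc.so.6 (0x...)" and the bare loader line.
ldd_paths() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) { print $i; break } }'
}

# check_jail JAIL BINARY [LDD_FILE]  (hypothetical helper, not part of scponly)
# BINARY is the path as seen inside the jail, e.g. /usr/bin/rsync.
# LDD_FILE is optional saved ldd output; by default ldd runs on the jailed copy.
check_jail() {
    jail=${1%/}; bin=$2; lddfile=${3:-}; problems=0
    report() { echo "$1"; problems=$((problems + 1)); }

    # 1. The binary must exist inside the jail and be executable.
    { [ -f "$jail$bin" ] && [ -x "$jail$bin" ]; } ||
        report "binary: $bin missing or not executable"

    # 2. Each directory from the binary up to the jail root needs r-x for "other".
    dir=$(dirname "$bin")
    while :; do
        [ -n "$(find "$jail$dir" -prune -type d -perm -005 2>/dev/null)" ] ||
            report "dir: $dir missing or lacks r-x for other"
        [ "$dir" = / ] && break
        dir=$(dirname "$dir")
    done

    # 3. Every shared library and the ELF loader must exist at the same path
    #    inside the jail. A missing loader makes exec fail with ENOENT even
    #    though the binary itself is present.
    if [ -n "$lddfile" ]; then libs=$(ldd_paths < "$lddfile")
    else libs=$(ldd "$jail$bin" 2>/dev/null | ldd_paths); fi
    for lib in $libs; do
        [ -e "$jail$lib" ] || report "lib: $lib missing"
    done

    # 4. /dev/null must be a real character device, not a file or symlink.
    { [ -c "$jail/dev/null" ] && [ ! -L "$jail/dev/null" ]; } ||
        report "dev: /dev/null is not a character device"

    [ "$problems" -eq 0 ]
}
```

Run it as root on the server, for example check_jail /home/client1 /usr/bin/rsync, and fix each reported line before retrying the transfer.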

