[scponly] Error Permission Denied(13)

Ed Bradley Ed.Bradley at sdhc.k12.fl.us
Thu Oct 18 14:25:31 EDT 2007


Hello all,

I have been trying to get scponly4.6 working in a chrooted environment on a
SLES9 SP 3 machine.
The script to add a user creates the user, creates the directory structure
under the user with directories of /bin /etc /incoming /lib /lib64 and /usr

I have added /dev/null to the path.

Error log I get when trying to connect via sftp is as follows.

Oct 18 08:35:10 linux57 sshd[9672]: Accepted keyboard-interactive/pam for
idscan from 172.16.0.40 port 33240 ssh2
Oct 18 08:35:10 linux57 sshd[9675]: subsystem request for sftp
Oct 18 08:35:11 linux57 scponly[9676]: chrooted binary in place, will
chroot()
Oct 18 08:35:11 linux57 scponly[9676]: 3 arguments in total.
Oct 18 08:35:11 linux57 scponly[9676]: 	arg 0 is scponlyc
Oct 18 08:35:11 linux57 scponly[9676]: 	arg 1 is -c
Oct 18 08:35:11 linux57 scponly[9676]: 	arg 2 is /usr/local/bin/sftp-server
Oct 18 08:35:11 linux57 scponly[9676]: opened log at LOG_AUTHPRIV, opts
0x00000029
Oct 18 08:35:11 linux57 scponly[9676]: retrieved home directory of
"/home/scponly/idscan" for user "idscan"
Oct 18 08:35:11 linux57 scponly[9676]: chrooting to dir:
"/home/scponly/idscan"
Oct 18 08:35:11 linux57 scponly[9676]: chdiring to dir: "/"
Oct 18 12:35:11 linux57 scponly[9676]: setting uid to 1004
Oct 18 12:35:11 linux57 scponly[9676]: processing request:
"/usr/local/bin/sftp-server" 
Oct 18 12:35:11 linux57 scponly[9676]: running: /usr/local/bin/sftp-server
(username: idscan(1004), IP/port: 172.16.0.40 33240 22)
Oct 18 12:35:11 linux57 scponly[9676]: failed: /usr/local/bin/sftp-server
with error Permission denied(13) (username: idscan(1004), IP/port:
172.16.0.40 33240 22)


Now for some reason the scponly is returning a time 4 hours later than
system time.

The file that permission is denied for is /usr/local/bin/sftp-server
which is outside the chroot, not the
/home/scponly/idscan/usr/localbin/sftp-server/sftp-server.

The file is owned by root and has permission set to 755.

If you need any other information I will be happy to provide it.

Sincerely,
Ed Bradley
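
The log above shows scponly calling chroot() to /home/scponly/idscan and setting uid 1004 before it runs /usr/local/bin/sftp-server, so the exec looks that path up under the chroot directory. An added diagnostic sketch (not part of the original post or of scponly; the function names are hypothetical) that walks each path component under a chroot and reports the first one that would make the exec fail for a given uid:

```python
import os
import stat

def can_exec(st, uid, gids):
    """Pick the owner/group/other execute (search) bit the kernel would use."""
    if uid == 0:
        return stat.S_ISDIR(st.st_mode) or bool(st.st_mode & 0o111)
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IXUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IXGRP)
    return bool(st.st_mode & stat.S_IXOTH)

def check_exec_in_chroot(chroot, path, uid, gids=()):
    """Return (host_path, reason) for the first problem, or None if all pass.

    chroot:   directory the daemon chroot()s to, as seen from the host
    path:     absolute path as the chrooted process sees it
    uid/gids: identity the process has after setuid()
    Not covered: noexec mounts, ACLs, and the binary's shared libraries.
    """
    parts = [p for p in path.split("/") if p]
    current = chroot
    # Index 0 is the chroot directory itself, which must be searchable too.
    for i, part in enumerate([""] + parts):
        if part:
            current = os.path.join(current, part)
        try:
            st = os.lstat(current)
        except FileNotFoundError:
            return current, "missing (ENOENT)"
        if stat.S_ISLNK(st.st_mode):
            return current, "symlink: target resolves inside the chroot, check by hand"
        last = i == len(parts)
        if last and not stat.S_ISREG(st.st_mode):
            return current, "not a regular file (EACCES)"
        if not last and not stat.S_ISDIR(st.st_mode):
            return current, "not a directory (ENOTDIR)"
        if not can_exec(st, uid, gids):
            return current, "no execute/search permission for uid %d (EACCES)" % uid
    return None

if __name__ == "__main__":
    # Values taken from the log in the post; run on the host as root.
    problem = check_exec_in_chroot("/home/scponly/idscan",
                                   "/usr/local/bin/sftp-server", 1004)
    print(problem or "every component is searchable/executable for uid 1004")
```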
