[scponly] Antw: scponly Digest, Vol 58, Issue 2

Axel Schneck axel at schnecken-clan.de
Fri Oct 19 14:54:20 EDT 2007


Hi,
If I read it right, you are trying to install it on a 64-bit installation of Suse ( /lib64 )?
Is that right?
I'm not sure, but I think it doesn't work on 64-bit Linux.
I tried to install scponly on a 64-bit Suse Enterprise Server and couldn't get it running (compilation, configure not working). I had to reinstall the server with 32-bit Suse (urgs...) to get it working.
regards,
Axel

>>> <scponly-request at lists.ccs.neu.edu> 19.10.2007 18:00 >>>

Today's Topics:

   1. Eroor Permission Denied(13) (Ed Bradley)
   2. Re: Eroor Permission Denied(13) (Kaleb Pederson)


----------------------------------------------------------------------

Message: 1
Date: Thu, 18 Oct 2007 14:25:31 -0400
From: "Ed Bradley" <Ed.Bradley at sdhc.k12.fl.us>
Subject: [scponly] Eroor Permission Denied(13)
To: scponly at lists.ccs.neu.edu
Message-ID:
<fc.00757e5a15b0478e00757e5a15b0478e.15b04b0b at sdhc.k12.fl.us>
Content-Type: text/plain; charset="iso-8859-1"

Hello all,

I have been trying to get scponly4.6 working in a chrooted environment on a
SLES9 SP 3 machine.
The script to add a user creates the user, creates the directory structure
under the user with directories of /bin /etc /incoming /lib /lib64 and /usr

I have added /dev/null to the path.

Error log I get when trying to connect via sftp is as follows.

Oct 18 08:35:10 linux57 sshd[9672]: Accepted keyboard-interactive/pam for
idscan from 172.16.0.40 port 33240 ssh2
Oct 18 08:35:10 linux57 sshd[9675]: subsystem request for sftp
Oct 18 08:35:11 linux57 scponly[9676]: chrooted binary in place, will
chroot()
Oct 18 08:35:11 linux57 scponly[9676]: 3 arguments in total.
Oct 18 08:35:11 linux57 scponly[9676]: arg 0 is scponlyc
Oct 18 08:35:11 linux57 scponly[9676]: arg 1 is -c
Oct 18 08:35:11 linux57 scponly[9676]: arg 2 is /usr/local/bin/sftp-server
Oct 18 08:35:11 linux57 scponly[9676]: opened log at LOG_AUTHPRIV, opts
0x00000029
Oct 18 08:35:11 linux57 scponly[9676]: retrieved home directory of
"/home/scponly/idscan" for user "idscan"
Oct 18 08:35:11 linux57 scponly[9676]: chrooting to dir:
"/home/scponly/idscan"
Oct 18 08:35:11 linux57 scponly[9676]: chdiring to dir: "/"
Oct 18 12:35:11 linux57 scponly[9676]: setting uid to 1004
Oct 18 12:35:11 linux57 scponly[9676]: processing request:
"/usr/local/bin/sftp-server" 
Oct 18 12:35:11 linux57 scponly[9676]: running: /usr/local/bin/sftp-server
(username: idscan(1004), IP/port: 172.16.0.40 33240 22)
Oct 18 12:35:11 linux57 scponly[9676]: failed: /usr/local/bin/sftp-server
with error Permission denied(13) (username: idscan(1004), IP/port:
172.16.0.40 33240 22)


Now for some reason the scponly is returning a time 4 hours later than
system time.

The file that permission is denied for is /usr/local/bin/sftp-server
which is outside the chroot, not the
/home/scponly/idscan/usr/localbin/sftp-server/sftp-server.

The file is owned by root and has permission set to 755.

If you need any other information I will be happy to provide it.

Sincerely,
Ed Bradley


------------------------------

Message: 2
Date: Thu, 18 Oct 2007 19:56:55 -0700
From: Kaleb Pederson <kaleb.pederson at gmail.com>
Subject: Re: [scponly] Eroor Permission Denied(13)
To: scponly at lists.ccs.neu.edu
Message-ID: <200710181956.56771.kaleb.pederson at gmail.com>
Content-Type: text/plain;  charset="utf-8"

On Thursday 18 October 2007, Ed Bradley wrote:
[snip]
> Oct 18 12:35:11 linux57 scponly[9676]: running: /usr/local/bin/sftp-server
> (username: idscan(1004), IP/port: 172.16.0.40 33240 22)
> Oct 18 12:35:11 linux57 scponly[9676]: failed: /usr/local/bin/sftp-server
> with error Permission denied(13) (username: idscan(1004), IP/port:
> 172.16.0.40 33240 22)
>
> Now for some reason the scponly is returning a time 4 hours later than
> system time.
>
> The file that permission is denied for is /usr/local/bin/sftp-server
> which is outside the chroot, not the
> /home/scponly/idscan/usr/localbin/sftp-server/sftp-server.

The sftp-server that is within the chroot is the one that is executed by 
scponly.  It doesn't have any way to get to the other one once it has 
chrooted, so that's the only one it can get to.

You'll want to make sure that the user account has full permissions up through 
the path to that file and that the filesystem that it's on is not mounted 
noexec (although it's good to have the user's files on a filesystem mounted 
noexec).

--Kaleb
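
The two checks suggested in the reply above, as an added example that is not part of the original thread or of scponly: walk every path component inside the chroot for the needed permission bits, then look up whether the covering mount is noexec. The function names are hypothetical; it assumes GNU stat, path names without spaces, and an account that is neither owner nor group member of the files, so only the "other" mode bits are tested.

```shell
#!/bin/sh
# Added example: audit the sftp-server path inside an scponly chroot.
# Assumptions: GNU stat, no spaces in path names, and the account is
# neither owner nor group member, so only the "other" mode bits count.

# Report each component that blocks execution: directories need search (x),
# the binary needs read+execute. Returns 0 if clean, 1 if denied, 2 if missing.
check_chroot_exec() {
    chroot_dir=$1; inner=$2; cur=$chroot_dir; bad=0
    # First pass ("") checks the chroot directory itself.
    for part in "" $(printf '%s' "$inner" | tr '/' ' '); do
        if [ -n "$part" ]; then cur="$cur/$part"; fi
        if [ ! -e "$cur" ]; then echo "MISSING $cur"; return 2; fi
        mode=$(stat -L -c '%a' "$cur"); other=$((mode % 10))
        if [ -d "$cur" ]; then need=1; else need=5; fi
        if [ $((other & need)) -ne "$need" ]; then
            echo "DENIED $cur (mode $mode)"; bad=1
        fi
    done
    return "$bad"
}

# Print the mount options covering path $1 (longest mount-point prefix wins),
# read from a /proc/mounts-format file $2 (default: /proc/mounts).
mount_opts_for() {
    awk -v p="$1" '
        { mp = $2; n = length(mp)
          if ((mp == "/" || p == mp || substr(p, 1, n + 1) == (mp "/")) && n > best) {
              best = n; opts = $4 } }
        END { print opts }' "${2:-/proc/mounts}"
}

# True when the filesystem holding $1 is mounted noexec.
is_noexec() {
    case ",$(mount_opts_for "$1" "$2")," in
        *,noexec,*) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage: sh audit.sh /home/scponly/idscan /usr/local/bin/sftp-server
if [ "$#" -ge 2 ]; then
    check_chroot_exec "$1" "$2" && echo "path permissions OK"
    if is_noexec "$1$2"; then echo "NOEXEC mount covers $1$2"; fi
fi
```
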



------------------------------



End of scponly Digest, Vol 58, Issue 2
**************************************