[scponly] Problem with scp-only and chroot on Centos

Ali Jawad alijawad1 at gmail.com
Wed Dec 29 12:10:30 EST 2010


Hi,
I followed the installation process, added a user using the script, and
followed the FAQ on CentOS. I created dev/null with appropriate permission and
got a few hints online on what libraries to add. The thing is that scponly
works just fine but scponlyc does not work at all. I did enable debugging,
but /var/log/messages does not show anything of interest that was not there
before. As for /var/log/secure, it shows:

Dec 29 12:09:21 domU-12-31-39-0A-48-62 sshd[26315]: pam_unix(sshd:session): session opened for user scponly by (uid=0)
Dec 29 12:09:22 domU-12-31-39-0A-48-62 sshd[26319]: subsystem request for sftp
Dec 29 12:09:22 domU-12-31-39-0A-48-62 scponly[26320]: chrooted binary in place, will chroot()
Dec 29 12:09:22 domU-12-31-39-0A-48-62 scponly[26320]: 3 arguments in total.
Dec 29 12:09:22 domU-12-31-39-0A-48-62 scponly[26320]:  arg 0 is scponlyc
Dec 29 12:09:22 domU-12-31-39-0A-48-62 scponly[26320]:  arg 1 is -c
Dec 29 12:09:22 domU-12-31-39-0A-48-62 scponly[26320]:  arg 2 is /usr/libexec/openssh/sftp-server
Dec 29 12:09:22 domU-12-31-39-0A-48-62 scponly[26320]: opened log at LOG_AUTHPRIV, opts 0x00000029
Dec 29 12:09:23 domU-12-31-39-0A-48-62 sshd[26315]: pam_unix(sshd:session): session closed for user scponly




I did an strace and got:

sftp.log.25491:execve("/usr/local/sbin/scponlyc", ["scponlyc", "-c", "/usr/libexec/openssh/sftp-server"], [/* 8 vars */]) = 0
sftp.log.25491-brk(0)                                  = 0x606000
sftp.log.25491-fcntl(0, F_GETFD)                       = 0
sftp.log.25491-fcntl(1, F_GETFD)                       = 0
sftp.log.25491-fcntl(2, F_GETFD)                       = 0
sftp.log.25491-access("/etc/suid-debug", F_OK)         = -1 ENOENT (No such file or directory)
sftp.log.25491-mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2aaaaaac7000
sftp.log.25491-uname({sys="Linux", node="XXXXXXXXXXXXXXXXXXXXXXXXXX", ...}) = 0
sftp.log.25491-access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
sftp.log.25491-open("/etc/ld.so.cache", O_RDONLY)      = 3
sftp.log.25491-fstat(3, {st_mode=S_IFREG|0644, st_size=43144, ...}) = 0
sftp.log.25491-mmap(NULL, 43144, PROT_READ, MAP_PRIVATE, 3, 0) = 0x2aaaaaac8000
sftp.log.25491-close(3)                                = 0
sftp.log.25491-open("/lib64/libc.so.6", O_RDONLY)      = 3
sftp.log.25491-read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\220\332\1\0\0\0\0\0"..., 832) = 832
sftp.log.25491-fstat(3, {st_mode=S_IFREG|0755, st_size=1712216, ...}) = 0
sftp.log.25491-mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2aaaaaad3000
sftp.log.25491-mmap(NULL, 3498328, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x2aaaaacc8000
sftp.log.25491-mprotect(0x2aaaaae15000, 2097152, PROT_NONE) = 0
sftp.log.25491-mmap(0x2aaaab015000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x14d000) = 0x2aaaab015000
sftp.log.25491-mmap(0x2aaaab01a000, 16728, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x2aaaab01a000

Please advise.


Regards