[scponly] chroot under SuSE fails

David Kensiski David at Kensiski.org
Sat Mar 27 10:01:41 EDT 2010


Hi,

I am trying to run chrooted scponlyc (scponly-20080308) under OpenSUSE
10.2.  When I try to scp a file, I get a file not found error and the
following debug output:

caribeener:~ dlk$ scp scpuser@FQDN:incoming/motd .
Password:
scponly[697]: chrooted binary in place, will chroot()
scponly[697]: 3 arguments in total.
scponly[697]:   arg 0 is scponlyc
scponly[697]:   arg 1 is -c
scponly[697]:   arg 2 is scp -f incoming/motd
scponly[697]: opened log at LOG_AUTHPRIV, opts 0x00000029
scponly[697]: determined USER is "scpuser" from environment
scponly[697]: retrieved home directory of "/home/scpuser" for user "scpuser"
scponly[697]: chrooting to dir: "/home/scpuser"
scponly[697]: chdiring to dir: "/"
scponly[697]: setting uid to 1003
scponly[697]: processing request: "scp -f incoming/motd"
scponly[697]: Using getopt processing for cmd /usr/bin/scp (username: scpuser(1003), IP/port: XX.XX.XX.XX 56437 22)
scponly[697]: getopt processing returned 'f' (username: scpuser(1003), IP/port: XX.XX.XX.XX 56437 22)
scponly[697]: running: /usr/bin/scp -f incoming/motd (username: scpuser(1003), IP/port: XX.XX.XX.XX 56437 22)
scponly[697]: about to exec "/usr/bin/scp" (username: scpuser(1003), IP/port: XX.XX.XX.XX 56437 22)
scponly[697]: failed: /usr/bin/scp -f incoming/motd with error No such file or directory(2) (username: scpuser(1003), IP/port: XX.XX.XX.XX 56437 22)

I set the chroot jail up using the setup_chroot.sh script, and have
verified that both incoming/motd and usr/bin/scp exist relative to the
chroot:

dlk@imp01:/home/scpuser> ls -l incoming/motd usr/bin/scp
-rw-r--r-- 1 root root    21 2010-03-26 23:52 incoming/motd
-rwxr-xr-x 1 root root 57472 2010-03-26 23:51 usr/bin/scp

So I ran strace on the SSH pid and noticed a couple of innocuous
ENOENTs for files that don't exist in my non-chroot filesystem, and
the only other one I see is when we actually try to exec scp:

[pid  6468] execve("/usr/bin/scp", ["/usr/bin/scp", "-f", "incoming/motd"], [/* 0 vars */]) = -1 ENOENT (No such file or directory)

I am attaching the entire truss output in case that helps.  Any
thoughts about what's going wrong?

Thanks,
--Dave
-------------- next part --------------
A non-text attachment was scrubbed...
Name: scp2.out.gz
Type: application/x-gzip
Size: 7448 bytes
Desc: not available
Url : http://lists.ccs.neu.edu/pipermail/scponly/attachments/20100327/caab8fb2/attachment.bin 
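
Added example, not part of the original post and not scponly's own code: execve(2) also returns ENOENT when the ELF interpreter (dynamic loader) named in a binary's PT_INTERP header does not exist, so one check for a jail like the one above is whether that loader is present relative to the chroot. The function names and the constructed sample image are assumptions made for this example.

```python
import os
import struct
import sys

PT_INTERP = 3  # program header type that names the dynamic loader

def elf_interp(data):
    """Return the PT_INTERP path of an ELF image, or None (static or not ELF)."""
    if len(data) < 52 or data[:4] != b"\x7fELF":
        return None
    is64 = data[4] == 2                    # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if data[5] == 1 else ">"     # EI_DATA: 1 = little-endian
    # Offsets of e_phoff and e_phentsize/e_phnum differ between ELF32 and ELF64.
    o_ph, o_sz, fmt = (0x20, 0x36, "Q") if is64 else (0x1C, 0x2A, "I")
    phoff, = struct.unpack_from(end + fmt, data, o_ph)
    phentsize, phnum = struct.unpack_from(end + "HH", data, o_sz)
    for i in range(phnum):
        base = phoff + i * phentsize
        if struct.unpack_from(end + "I", data, base)[0] != PT_INTERP:
            continue
        # p_offset and p_filesz sit at different offsets in the two layouts.
        o_off, o_size = (8, 32) if is64 else (4, 16)
        off, = struct.unpack_from(end + fmt, data, base + o_off)
        size, = struct.unpack_from(end + fmt, data, base + o_size)
        return data[off:off + size].rstrip(b"\0").decode()
    return None

def check_jail(jail, binary):
    """Check a binary and its loader relative to the jail; return (ok, message)."""
    path = os.path.join(jail, binary.lstrip("/"))
    if not os.path.isfile(path):
        return False, "missing binary: " + binary
    with open(path, "rb") as f:
        interp = elf_interp(f.read())
    if interp is None:
        return True, "no PT_INTERP (static binary or not ELF)"
    if not os.path.exists(os.path.join(jail, interp.lstrip("/"))):
        return False, "missing loader in jail: " + interp
    return True, "loader present: " + interp

def sample_elf64(interp):
    """Constructed sample: ELF64 header + one PT_INTERP entry + loader path."""
    path = interp.encode() + b"\0"
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_INTERP, 4, 120, 0, 0, len(path), len(path), 1)
    return ehdr + phdr + path

if __name__ == "__main__" and len(sys.argv) == 3:
    print(*check_jail(sys.argv[1], sys.argv[2]))  # e.g. /home/scpuser /usr/bin/scp
```

The existence test follows symlinks against the real root, so an absolute symlink inside the jail can pass here and still fail after chroot(). Shared libraries the loader needs are not checked.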

