[scponly] Problem with scp-only and chroot on Centos

Ali Jawad alijawad1 at gmail.com
Tue Jan 4 11:24:41 EST 2011


Hi
Thanks for the hint, I eventually used the new features of OpenSSH to chroot
sftp users.
Regards

On Tue, Jan 4, 2011 at 7:23 PM, Kaleb Pederson <kaleb.pederson at gmail.com> wrote:

> I'd recommend something like JailKit to set up the chroot. As the
> various distributions add more and more features, it's becoming
> increasingly difficult to set up a chroot by hand as it depends on
> additional libraries and files.
>
> --Kaleb
>
>
> On Wed, Dec 29, 2010 at 9:10 AM, Ali Jawad <alijawad1 at gmail.com> wrote:
> > Hi
> > I followed the installation progress, did add a user using the script, did
> > follow the FAQ on CentOS..created dev/null with appropriate permission ..and
> > got a few hints online on what libraries to add, the thing is that scponly
> > works just fine but scponlyc does not work at all, I did enable debugging
> > but /var/log/messages does not show anything of interest that was not there
> > before..as for /var/log/secure it shows
> >
> > Dec 29 12:09:21 domU-12-31-39-0A-48-62 sshd[26315]: pam_unix(sshd:session): session opened for user scponly by (uid=0)
> > Dec 29 12:09:22 domU-12-31-39-0A-48-62 sshd[26319]: subsystem request for sftp
> > Dec 29 12:09:22 domU-12-31-39-0A-48-62 scponly[26320]: chrooted binary in place, will chroot()
> > Dec 29 12:09:22 domU-12-31-39-0A-48-62 scponly[26320]: 3 arguments in total.
> > Dec 29 12:09:22 domU-12-31-39-0A-48-62 scponly[26320]:  arg 0 is scponlyc
> > Dec 29 12:09:22 domU-12-31-39-0A-48-62 scponly[26320]:  arg 1 is -c
> > Dec 29 12:09:22 domU-12-31-39-0A-48-62 scponly[26320]:  arg 2 is /usr/libexec/openssh/sftp-server
> > Dec 29 12:09:22 domU-12-31-39-0A-48-62 scponly[26320]: opened log at LOG_AUTHPRIV, opts 0x00000029
> > Dec 29 12:09:23 domU-12-31-39-0A-48-62 sshd[26315]: pam_unix(sshd:session): session closed for user scponly
> >
> > I did a strace and got:
> >
> > sftp.log.25491:execve("/usr/local/sbin/scponlyc", ["scponlyc", "-c", "/usr/libexec/openssh/sftp-server"], [/* 8 vars */]) = 0
> > sftp.log.25491-brk(0)                                  = 0x606000
> > sftp.log.25491-fcntl(0, F_GETFD)                       = 0
> > sftp.log.25491-fcntl(1, F_GETFD)                       = 0
> > sftp.log.25491-fcntl(2, F_GETFD)                       = 0
> > sftp.log.25491-access("/etc/suid-debug", F_OK)         = -1 ENOENT (No such file or directory)
> > sftp.log.25491-mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2aaaaaac7000
> > sftp.log.25491-uname({sys="Linux", node="XXXXXXXXXXXXXXXXXXXXXXXXXX", ...}) = 0
> > sftp.log.25491-access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
> > sftp.log.25491-open("/etc/ld.so.cache", O_RDONLY)      = 3
> > sftp.log.25491-fstat(3, {st_mode=S_IFREG|0644, st_size=43144, ...}) = 0
> > sftp.log.25491-mmap(NULL, 43144, PROT_READ, MAP_PRIVATE, 3, 0) = 0x2aaaaaac8000
> > sftp.log.25491-close(3)                                = 0
> > sftp.log.25491-open("/lib64/libc.so.6", O_RDONLY)      = 3
> > sftp.log.25491-read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\220\332\1\0\0\0\0\0"..., 832) = 832
> > sftp.log.25491-fstat(3, {st_mode=S_IFREG|0755, st_size=1712216, ...}) = 0
> > sftp.log.25491-mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2aaaaaad3000
> > sftp.log.25491-mmap(NULL, 3498328, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x2aaaaacc8000
> > sftp.log.25491-mprotect(0x2aaaaae15000, 2097152, PROT_NONE) = 0
> > sftp.log.25491-mmap(0x2aaaab015000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x14d000) = 0x2aaaab015000
> > sftp.log.25491-mmap(0x2aaaab01a000, 16728, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x2aaaab01a000
> >
> > Please advise.
> >
> >
> > Regards
>
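
The point in the thread about hand-built chroots depending on additional libraries and files can be checked mechanically. The following is an added example, not code from the thread or from scponly: it lists which files a binary such as `/usr/libexec/openssh/sftp-server` needs that are absent under a chroot directory, and tests for the `dev/null` device mentioned in the original question. The function names and the chroot directory argument are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread or the scponly project).
# Caveat: ldd may execute the target's loader; run it only on trusted
# system binaries, never on files uploaded into the chroot.

# Print the absolute paths a binary depends on: itself, every shared
# library ldd resolves, and the dynamic loader.
chroot_deps() {
    _bin=$1
    printf '%s\n' "$_bin"
    # ldd lines look like "libc.so.6 => /lib64/libc.so.6 (0x...)" or
    # "/lib64/ld-linux-x86-64.so.2 (0x...)"; keep the first absolute path.
    # A static binary makes ldd fail, which leaves only the binary itself.
    ldd "$_bin" 2>/dev/null |
        awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) { print $i; break } }' |
        sort -u
}

# Print every dependency of binary $2 that is absent under chroot dir $1.
chroot_missing() {
    _jail=$1
    chroot_deps "$2" | while IFS= read -r _path; do
        [ -e "$_jail$_path" ] || printf '%s\n' "$_path"
    done
}

# Succeed only if the chroot contains a character device at dev/null.
chroot_has_devnull() {
    [ -c "$1/dev/null" ]
}

# Usage (the chroot path is a placeholder):
#   sh check_chroot.sh /path/to/chroot /usr/libexec/openssh/sftp-server
if [ "$#" -eq 2 ]; then
    chroot_missing "$1" "$2"
    chroot_has_devnull "$1" || echo "dev/null (character device) missing"
fi
```

An empty result from `chroot_missing` only covers files visible to `ldd`; anything the program loads at run time still has to be found by tracing it inside the chroot.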