[scponly] Install for many accounts
Sven Hoexter
sven at timegate.de
Sun Aug 24 19:27:38 EDT 2003
On Sun, Aug 24, 2003 at 11:21:30AM -0400, Matthew Moffitt wrote:
> At 11:03 AM 8/24/2003, Sven Hoexter wrote:
> >On Sun, Aug 24, 2003 at 10:26:52AM -0400, Matthew Moffitt wrote:
Hi,
> >> I tried modifying the setup in config.h to build these so it would look
> >> for a '.scponly/usr' and other folders instead of the default which I
> >> thought I could then symlink for each person but this won't work, it
> >> can't follow the symlink out of the jail. Even if I copied this over to
> >> each person's home, making it look a little cleaner from their
> >> perspective, I still have the problem with programs like sftp-server
> >> having a hard coded path to find ld-elf.so.1 in /usr/libexec.
> >Well what you can do is set up one big chroot with scponlyc + needed
> >binaries and the users' $HOME. Then you have to restrict the access to
> >the homedirs through the normal unix rights system.
>
> I've thought about this, putting an scponly install 1 level above the users
> home directories. It would work but would just give the users 1 extra
> thing to possibly look at and get confused about.
Hehe, fear the stupidity of your users ;)
> >> Is there another approach that would facilitate creating an install for
> >> several hundred accounts still using a jail but not having the binaries
> >> copied over for each person? I would think there must be a clean way to
> >> do this but I don't see it.
> >The problem with ssh/sftp/scponly is that there is no built-in ls
> >support and other things. So scponly always needs access to the
> >fileutils and linked libs.
>
> Got it, I see the problem and perhaps there isn't an elegant
> solution.
Oehm, learn C programming and write a shell with built-in support
for all the fileutils needed; that should do the trick.
> Hrm, I may just drop trying to use chroot altogether for
> now. I'm worried about maintaining it if I have various installations
> scattered around as a kludge but I'll see if I can come up with anything
> else.
Maintaining a minimal chroot could be a pain in the ass. On an
rpm-based system I would use rpm to build up and maintain the chroot(), but
that's still far away from the optimal solution.
Sven
--
http://www.comboguano.de
http://sven.linux-ist-pleite.de
I'm root, if you see me laughing you better have a backup!
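
The "one big chroot" layout suggested in this message, sketched as an added example that is not part of the original thread or of scponly: the binaries live once in the shared tree and the homes are separated only by Unix permissions, so the audit function checks exactly those permissions. `make_shared_jail` and `audit_shared_jail` are hypothetical helpers, and the directory layout and user names are constructed; copying the binaries and their libraries into the jail and the `chown` of each home are left to the admin.

```shell
#!/bin/sh
# Added example: constructed layout for one shared jail, binaries stored once.

# make_shared_jail JAIL USER...   (hypothetical helper)
make_shared_jail() {
    jail=$1; shift
    mkdir -p "$jail/bin" "$jail/usr/libexec" "$jail/home" || return 1
    # Shared tree: everyone may read and traverse, only the owner may write.
    chmod 755 "$jail" "$jail/bin" "$jail/usr" "$jail/usr/libexec" \
        "$jail/home" || return 1
    for user in "$@"; do
        mkdir -p "$jail/home/$user" || return 1
        # 0700 is what keeps users out of each other's homes inside the jail.
        chmod 700 "$jail/home/$user" || return 1
        # As root, also: chown "$user" "$jail/home/$user"
    done
}

# audit_shared_jail JAIL   (hypothetical helper)
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_shared_jail() {
    jail=$1
    out=$(
        for home in "$jail"/home/*; do
            [ -d "$home" ] || continue
            # Any group/other bit on a home lets a neighbour list or enter it.
            find "$home" -prune \( -perm -040 -o -perm -020 -o -perm -010 \
                -o -perm -004 -o -perm -002 -o -perm -001 \) -print |
                sed 's/^/OPEN-HOME /'
        done
        # A shared file or directory writable by group/other can be
        # replaced for every account in the jail at once.
        {
            find "$jail/bin" "$jail/usr" ! -type l \
                \( -perm -020 -o -perm -002 \) -print
            find "$jail" "$jail/home" -prune \
                \( -perm -020 -o -perm -002 \) -print
        } | sed 's/^/WRITABLE-SHARED /'
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}
```

Run `audit_shared_jail` from cron or after each account is added; with several hundred homes under one root, a single home created with a permissive umask is the failure this layout is most exposed to.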