[scponly] setup_chroot.sh.in changes and others

Ralf Durkee rd at rd1.net
Tue Dec 16 15:50:08 EST 2003


Here are a couple of changes for the 3.9 setup_chroot.sh.in

Fixed a misspelling of $newgid, and added an install/chown/chmod for the ./etc/ dir.


-- Ralf Durkee, GSEC, GCIH
Information Security Consultant
http://rd1.net


diff setup_chroot.sh.in.orig setup_chroot.sh.in
199c199
< @PROG_CHOWN@ $newuid:$newguid $targetdir/$writeabledir
---
 > @PROG_CHOWN@ $newuid:$newgid $targetdir/$writeabledir
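Review bot: the `<`/`>` pair at 199 corrects `$newguid` to `$newgid`; since the misspelled variable is never assigned, the old line expanded to `@PROG_CHOWN@ $newuid: $targetdir/$writeabledir` with an empty group, so the group of the writeable directory never came from the configured $newgid. Worth a line in the 3.9 changelog, since existing installs keep the wrong group on $writeabledir until setup_chroot.sh is re-run. While touching the line, consider quoting `"$targetdir/$writeabledir"` so a $targetdir containing a space is not split into two arguments.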
220a221,223
 >               $INSTALL_PATHNAME -d $targetdir/etc
 >               @PROG_CHOWN@ 0:0 $targetdir/etc
 >               @PROG_CHMOD@ 555 $targetdir/etc
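Review bot: the three lines added after 220 mix `$INSTALL_PATHNAME` (a shell variable) for creating the directory with `@PROG_CHOWN@`/`@PROG_CHMOD@` (configure substitutions) for the rest; confirm $INSTALL_PATHNAME is assigned before this point in setup_chroot.sh.in, or use the same `@PROG_...@` convention, because an unset variable turns the first line into a bare `-d $targetdir/etc` and the directory is never created, after which the chown and chmod fail too. Setting $targetdir/etc to 0:0 and 555 before the script copies files into it is fine as long as every later step that writes into etc/ (passwd/group entries, the ld.so.cache and ld.so.conf from LIB_LIST) runs as root; a one-line comment above these lines saying etc/ is deliberately root-owned and read-only would save the next reader from "fixing" it.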



I'd also like to recommend more restrictive permissions for the default 
install. Namely:

# chown -R 0:0 $targetdir
# chmod -R u=rwX,g=rX,o=  $targetdir
# chgrp -R $newgid   $targetdir
# chmod -R g+w  $targetdir/$writeabledir

Everything is owned by root, except new files coming in; the user has write 
access only to $writeabledir.  Of course root could be replaced by an 
sftp admin user specific to the site.


Finally, I added a PRE script for Linux, build_extras/arch/Linux.pre.sh. 
This was tested on RedHat9, although I expect it to work on most. Here it is...

#
#       this is a presetup script for Linux
#
#   any custom modifications to setup_chroot.sh variables could occur here
#
# update the real ld.so.cache, and include it and the config to be copied.
# could use ldconfig -r, but this is probably more portable.
ldconfig
LIB_LIST="$LIB_LIST /etc/ld.so.cache  /etc/ld.so.conf"




BTW, the chroot//home works great for 3.9 on RedHat9.
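As an added example (not code from the mail above or from the scponly project), here is a small POSIX shell audit for the restrictive permission scheme recommended in the mail: it reports any entry with "other" bits set and any group-writable entry outside $writeabledir. The function names audit_chroot and make_demo_tree, and the constructed etc/, lib/ and incoming/ layout, are assumptions; the chown/chgrp steps are skipped because they need root.

```shell
#!/bin/sh
# Added example, not part of the original mail or of scponly itself:
# audit a populated chroot against the scheme u=rwX,g=rX,o= everywhere,
# with g+w only under $writeabledir. Ownership (0:0 / $newgid) is not
# checked because chown and chgrp to those ids need root.

# Print one line per violating entry; prints nothing when the tree is clean.
audit_chroot() {
    targetdir=$1
    writeabledir=$2
    # Any permission bit for "other" violates o=
    find "$targetdir" \( -perm -o+r -o -perm -o+w -o -perm -o+x \) \
        | sed 's/^/other-bits: /'
    # Group-writable entries outside $writeabledir violate g=rX
    find "$targetdir" -path "$targetdir/$writeabledir" -prune \
        -o -perm -g+w -print \
        | sed 's/^/group-writable: /'
}

# Build a constructed chroot tree in a temp dir, apply the recommended
# scheme, then plant two deliberate violations; prints the tree's path.
make_demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/etc" "$d/lib" "$d/incoming"
    echo "root:x:0:0::/:/bin/sh" > "$d/etc/passwd"   # constructed sample
    : > "$d/lib/libc.so.6"
    : > "$d/incoming/upload.txt"
    chmod -R u=rwX,g=rX,o= "$d"
    chmod -R g+w "$d/incoming"
    chmod o+r "$d/etc/passwd"   # violation: world-readable file under etc/
    chmod g+w "$d/lib"          # violation: group-writable outside incoming/
    echo "$d"
}

# Stand-alone run: audit the demo tree and clean up.
if [ "${1:-}" = "--demo" ]; then
    demo=$(make_demo_tree)
    audit_chroot "$demo" incoming | sort
    rm -rf "$demo"
fi
```

Run against a real chroot with `audit_chroot /path/to/chroot incoming`; an empty output means the tree matches the scheme (ownership still has to be checked separately).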




