[scponly] Re: FW: scponly Digest, Vol 6, Issue 6
Hammad
hammad at brisksolutions.com
Sat Jun 21 02:50:56 EDT 2003
There is no passwd command in that script. Attached is the setup script I am
using; not sure where the problem lies.
Thanks for your help.
--
Hammad
Quoting Bill Cronin <bill at bock.com>:
| Modify the setup_chroot.sh that gets created to look for passwd as the
| password program rather than pw. I think pw must be the BSD version of
| Linux passwd program.
|
| You'll need to do some other stuff as well (copy in library files to /lib)
| in order to resolve dependencies for the programs in /bin in your jail.
| Just run ldd against all the programs in /bin to make sure all the necessary
| files are in the /lib directory. I can't remember what else I did exactly.
| The makefile to make the shell script is pretty BSD specific.
|
| -Bill
|
| -----Original Message-----
| From: scponly-bounces at lists.ccs.neu.edu
| [mailto:scponly-bounces at lists.ccs.neu.edu]On Behalf Of
| scponly-request at lists.ccs.neu.edu
| Sent: Friday, June 20, 2003 12:00 PM
| To: scponly at lists.ccs.neu.edu
| Subject: scponly Digest, Vol 6, Issue 6
|
|
| Today's Topics:
|
| 1. setup_chroot.sh problem (Hammad)
|
|
| ----------------------------------------------------------------------
|
| Date: Fri, 20 Jun 2003 02:00:18 -0400
| From: Hammad <hammad at brisksolutions.com>
| To: scponly at lists.ccs.neu.edu
| Subject: [scponly] setup_chroot.sh problem
| Message-ID: <1056088818.3ef2a2f293140 at mail.brisksolutions.com>
| Content-Type: text/plain; charset=ISO-8859-1
| MIME-Version: 1.0
| Content-Transfer-Encoding: 8bit
| Precedence: list
| Message: 1
|
| Hi:
|
| This is my first time installing scponly. Seems like a good product. I need
| some help though. I am running redhat 7.3, downloaded the newest version of
| scponly 3.8. configure, make, make install all went fine but when I
| run ./setup_chroot.sh. It spits out the following message. Any help will be
| appreciated.
|
| Before I ran ./setup_chroot.sh, I have a test user already created
| in /etc/passwd, both scponly and scponlyc added to /etc/shells. I do
| have 'useradd' in /usr/sbin.
|
| [root at mars scponly-3.8]# ./setup_chroot.sh
| this script requires the program useradd or pw to add your
| chrooted scponly user.
|
|
| --
| Hammad
|
|
|
|
-------------- next part --------------
#!/bin/sh
#
# check that the configure options are correct for chrooted operation:
if [ xscponlyc = x ] || [ ! -f ./config.h ]; then
echo
echo 'your scponly build is not configured for chrooted operation.'
echo 'please reconfigure as follows, then rebuild and reinstall:'
echo
echo './configure --enable-chrooted-binary (... other options)'
echo
exit 1
fi
# the following is a list of binaries that will be staged in the target dir
BINARIES=`/bin/grep '#define PROG_' config.h | /bin/cut -f2 -d\" | /bin/grep -v ^cd$`
# a function to display a failure message and then exit
fail ( ) {
echo -e $@
# exit 1
}
# "get with default" function
# this function prompts the user with a query and default reply
# it returns the user reply
getwd ( ) {
query="$1"
default="$2"
echo -en "$query [$default]" | cat >&2
read response
if [ x$response = "x" ]; then
response=$default
fi
echo $response
}
# "get yes no" function
# this function prompts the user with a query and will continue to do so
# until they reply with either "y" or "n"
getyn ( ) {
query="$@"
echo -en $query | cat >&2
read response
while [ x$response != "xy" -a x$response != "xn" ]; do
echo -e "\n'y' or 'n' only please...\n" | cat >&2
echo -en $query | cat >&2
read response
done
echo $response
}
if [ x/usr/bin/ldd = x ]; then
echo "this script requires the program ldd to determine which"
fail "shared libraries to copy into your chrooted dir..."
fi
USE_PW=0;
if [ x/usr/sbin/adduser = x ]; then
USE_PW=1;
else
if [ x = x ]; then
echo "this script requires the program useradd or pw to add your"
fail "chrooted scponly user."
fi
fi
# we need to be root
if [ `id -u` != "0" ]; then
fail "you must be root to run this script\n"
fi
echo
echo Next we need to set the home directory for this scponly user.
echo please note that the user\'s home directory MUST NOT be writable
echo by the scponly user. this is important so that the scponly user
echo cannot subvert the .ssh configuration parameters.
echo
echo for this reason, an \"incoming\" subdirectory will be created that
echo the scponly user can write into. if you want the scponly user to
echo automatically change to this incoming subdirectory upon login, you
echo can specify this when you specify the user\'s home directory as
echo follows:
echo
echo set the home dir to /chroot_path//incoming
echo
echo when scponly chroots, it will only chroot to "chroot_path" and
echo afterwards, it will chdir to incoming.
echo -n "enter the home directory you wish to set for this user: "
read targetdir
if [ "x$targetdir" = "x" ]; then
fail "need to specify a target directory"
fi
echo -n "Install for what username? "
read targetuser
if [ "x$targetuser" = "x" ]; then
fail "need to specify a username"
fi
/usr/bin/install -c -d $targetdir
/usr/bin/install -c -d $targetdir/usr
/usr/bin/install -c -d $targetdir/usr/bin
/usr/bin/install -c -d $targetdir/usr/sbin
/usr/bin/install -c -d $targetdir/usr/local
/usr/bin/install -c -d $targetdir/usr/local/lib
/usr/bin/install -c -d $targetdir/usr/local/bin
/usr/bin/install -c -d $targetdir/lib
/usr/bin/install -c -d $targetdir/usr/lib
/usr/bin/install -c -d $targetdir/usr/libexec
/usr/bin/install -c -d $targetdir/usr/libexec/openssh
/usr/bin/install -c -d $targetdir/bin
/usr/bin/install -c -d $targetdir/etc
for bin in $BINARIES; do
/usr/bin/install -c -C $bin $targetdir$bin
done
LIB_LIST=`/usr/bin/ldd $BINARIES 2> /dev/null | /bin/cut -f2 -d\> | /bin/cut -f1 -d\( | /bin/grep "^ " | /bin/sort -u`
LDSOFOUND=0
if [ -f /usr/libexec/ld.so ]; then
LIB_LIST="$LIB_LIST /usr/libexec/ld.so"
LDSOFOUND=1
fi
if [ -f /lib/ld-linux.so.2 ]; then
LIB_LIST="$LIB_LIST /lib/ld-linux.so.2"
LDSOFOUND=1
fi
if [ -f /usr/libexec/ld-elf.so.1 ]; then
LIB_LIST="$LIB_LIST /usr/libexec/ld-elf.so.1"
LDSOFOUND=1
fi
if [ $LDSOFOUND -eq 0 ]; then
fail i cant find your equivalent of ld.so
fi
/bin/ls /lib/libnss_compat* 2>&1 > /dev/null
if [ $? -eq 0 ]; then
LIB_LIST="$LIB_LIST /lib/libnss_compat* /lib/ld.so"
fi
if [ "x$LIB_LIST" != "x" ]; then
for lib in $LIB_LIST; do
/usr/bin/install -c $lib $targetdir/$lib
done
fi
if [ $USE_PW -eq 0 ] ; then
/usr/sbin/adduser -d "$targetdir" -s "/usr/local/sbin/scponlyc" $targetuser
if [ $? -ne 0 ]; then
fail "if this user exists, remove it and try again"
fi
else
adduser -n $targetuser -s "/usr/local/sbin/scponlyc" -d "$targetdir"
if [ $? -ne 0 ]; then
fail "if this user exists, remove it and try again"
fi
fi
chown 0:0 $targetdir
if [ -d $targetdir/.ssh ]; then
chown 0.0 $targetdir/.ssh
fi
if [ ! -d $targetdir/incoming ]; then
echo -e "\ncreating $targetdir/incoming directory for uploading files"
/usr/bin/install -c -o $targetuser -d $targetdir/incoming
fi
# the following is VERY BSD centric
# i check for pwd_mkdb before trying to use it
if [ x = x ]; then
/bin/grep $targetuser /etc/passwd > $targetdir/etc/passwd
else
/bin/grep $targetuser /etc/master.passwd > $targetdir/etc/master.passwd
-d "$targetdir/etc" $targetdir/etc/master.passwd
/bin/rm -rf $targetdir/etc/master.passwd $targetdir/etc/spwd.db
fi
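The ldd step Bill describes (find every shared library a staged binary needs, copy it to the same path inside the jail, and confirm nothing is missing) as an added, stand-alone example. This is not scponly's setup_chroot.sh and not code from anyone in this thread; it assumes ldd output in the usual glibc/musl shape (a "name => /path (addr)" line per library, a bare "/path (addr)" line for the dynamic loader, a "not found" entry for unresolvable libraries and a vDSO entry with no file behind it), and it assumes the jail uses an "incoming" directory as the only place the jailed user may write, as the script above does. It also adds the check that a chroot builder wants after staging: nothing under the jail other than incoming may be world-writable, because a jailed user who can replace a staged library, binary or ~/.ssh file is no longer restricted to scp.

```shell
#!/bin/sh
# Added example (not scponly's setup_chroot.sh): stage binaries plus the
# shared libraries and dynamic loader that ldd reports into a chroot jail,
# then verify the jail is complete and that nothing in it is world-writable.
# Assumes ldd output in the usual glibc/musl shape:
#     linux-vdso.so.1 (0x...)                       virtual, no file on disk
#     libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x...)
#     libfoo.so.1 => not found
#     /lib64/ld-linux-x86-64.so.2 (0x...)           the loader (ld.so)

# Turn ldd output on stdin into absolute host paths, one per line.
# "name => /path" lines yield /path; a bare "/path (addr)" line is the
# loader; the vDSO and "not found" entries carry no file and are skipped.
parse_ldd() {
    awk '
        /=>/       { if ($3 ~ /^\//) print $3; next }
        $1 ~ /^\// { print $1 }
    '
}

# The binary itself plus everything ldd resolves for it.
deps_of() {
    printf '%s\n' "$1"
    ldd "$1" 2>/dev/null | parse_ldd
}

# Copy each host path on stdin to the same path under the jail. The loader
# looks libraries up by absolute path, so /lib/libc.so.6 must live at
# $jail/lib/libc.so.6. -L copies the real file behind any symlink chain,
# which matters for libc.so.6 -> libc-2.x.so style links.
stage_files() {
    jail="$1"
    while read -r f; do
        mkdir -p "$jail$(dirname "$f")"
        cp -L "$f" "$jail$f"
    done
}

# Report host paths from stdin that are absent inside the jail.
# Prints the missing paths; returns 1 if any, 0 if the jail is complete.
check_in_jail() {
    jail="$1"
    missing=$(while read -r f; do [ -e "$jail$f" ] || echo "$f"; done)
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

# Anything world-writable inside the jail other than the intended upload
# directory. A jailed user who can overwrite a staged library or binary,
# or write into ~/.ssh, escapes the scp-only restriction.
world_writable_in_jail() {
    jail="$1"
    find "$jail" -path "$jail/incoming" -prune -o -perm -002 -print
}

# Whole procedure for a list of binaries, e.g.
#     stage_jail /chroot /bin/ls /usr/bin/scp
# Returns 1 and names the offending paths if the jail is incomplete or
# has world-writable entries; run it as root when building a real jail.
stage_jail() {
    jail="$1"; shift
    for bin in "$@"; do
        deps_of "$bin" | stage_files "$jail"
    done
    for bin in "$@"; do
        deps_of "$bin" | check_in_jail "$jail" || return 1
    done
    ww=$(world_writable_in_jail "$jail")
    [ -z "$ww" ] || { printf 'world-writable in jail:\n%s\n' "$ww" >&2; return 1; }
}
```

Run `stage_jail` as root against the jail root and the binaries listed in config.h, then `chroot` into the jail and run `ldd` on one of the staged binaries: every line should resolve to a path inside the jail, and `world_writable_in_jail` should print nothing. The parser deliberately drops the vDSO and "not found" lines instead of passing them to cp, which is what the `grep "^ "` / `cut` pipeline in the script above does not guard against.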