[scponly] Re: chdir in chroot problem (re-visited)
Paul Hyder
Paul.Hyder at noaa.gov
Tue May 25 18:34:25 EDT 2004

Ok, it is time to ask: Which operating system is this?

The behavior you desire should already be working, i.e. if
the top level /etc/passwd file has a home directory for a user
that is /home/fred//www AND the directory /home/fred/www exists
then that is the directory scponlyc should see as that user's home.
This also means the scponlyc support directories (etc,bin,etc)
have been installed in /home/fred. (i.e. "This works for me on
Linux. What's different in your setup?")

Almost sounds like a chroot behavior difference.

Paul Hyder
NOAA Forecast Systems Lab
Boulder, CO

FYI: Home directory capture occurred at line 145 with the call to
helper.c:get_uservar.

David Ramsden wrote:
> On Tue, May 25, 2004 at 08:25:32PM +0100, david wrote:
> [snip]
>
>>So when they login, they automatically get chdir'ed to ~/www
>>This doesn't work when using scponlyc - It does work however when using
>>scponly
>>
>>So it's something either wrong in scponlyc itself or with my chroot. But
>>others have reported this too and I believe before scpjailer was
>>announced.
>>
>
> [snip]
>
> OK - I've been poking around with the source and this is what I've
> found:
>
> scponly.c, line 158 - The while loop gets the "root directory",
> excluding any additional chdir stuff. So if you had
> /home/fred//www, this gets transformed to /home/fred which is used
> to chroot() later.
>
> scponly.c, line 170 - Here, it chroot()'s to the determined "root
> directory". i.e. /home/fred but it does not honour any additional chdir
> stuff. This was disregarded earlier in the while() to determine the
> correct "root directory" to chroot() to.
>
> So after the chroot() stuff (line 170 of scponly.c) it needs to do a
> chdir() if it's needed to "/www" for example if earlier, the
> homedir was something like /home/fred//www (taken from
> /etc/passwd).
>
> I'm not really a great C programmer - I believe this is what needs to be
> done here to fix this problem once and for all. Can someone knock up a
> patch as a kind of proof-of-concept?
>
> I can manually hack it. So after the chroot() at line 170, I can add in
> chdir("/www") as if it was correctly honouring "/home/fred//www" and it
> works fine.
>
> I hope this helps!
> Look forward to seeing this bug fixed, if indeed I'm on the right track.
>
> Regards,
> David.
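
The behaviour discussed in this thread, as an added example that is not scponly's own code or part of the original messages: split the passwd home field at "//", chroot() to the first part, then chdir() to the remainder inside the jail. The names split_home and enter_jail and the buffer sizes are hypothetical, and /home/fred//www is the sample value from the thread.

```c
#define _DEFAULT_SOURCE 1   /* for the chroot() prototype on glibc */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Split a passwd home field at the first "//" into the chroot root and the
 * directory to enter inside the jail. Returns 0 on success, -1 if a buffer
 * is too small. Without a "//" marker the in-jail directory is "/". */
int split_home(const char *home, char *root, size_t rootsz,
               char *sub, size_t subsz)
{
    const char *mark = strstr(home, "//");
    size_t rootlen = mark ? (size_t)(mark - home) : strlen(home);
    const char *rest = mark ? mark + 1 : "/";   /* keep one leading slash */

    if (rootlen == 0) { home = "/"; rootlen = 1; }  /* "//www" => root "/" */
    if (rootlen >= rootsz || strlen(rest) >= subsz)
        return -1;
    memcpy(root, home, rootlen);
    root[rootlen] = '\0';
    strcpy(sub, rest);
    return 0;
}

/* chroot() to the root part, then honour the part after "//".
 * Needs root; every call is checked so a failure never leaves the
 * process outside the jail or in an unexpected directory. */
int enter_jail(const char *home)
{
    char root[4096], sub[4096];

    if (split_home(home, root, sizeof root, sub, sizeof sub) != 0)
        return -1;
    if (chroot(root) != 0 || chdir("/") != 0)   /* cwd must be inside jail */
        return -1;
    return chdir(sub);   /* the chdir the quoted analysis asks for */
}

int main(void)
{
    char root[64], sub[64];
    const char *home = "/home/fred//www";   /* constructed sample entry */

    if (split_home(home, root, sizeof root, sub, sizeof sub) == 0)
        printf("chroot(\"%s\") then chdir(\"%s\")\n", root, sub);
    return 0;
}
```

A caller should treat a -1 from enter_jail as fatal and exit rather than continue serving the session.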