[scponly] not chrooting from script

Lars Hermerschmidt lars.hermerschmidt at ias.rwth-aachen.de
Sun Dec 18 10:31:55 EST 2005


Lupe Christoph schrieb:
> On Friday, 2005-12-16 at 09:02:33 +0100, Lars Hermerschmidt wrote:
> 
> 
>>i use the debian scponlyc package 4.0-1 and also tried the one from 
>>testing release (forgot the version) and both show a quite ugly 
>>behaviour when i call scponlyc from a script that i wrote as login 
>>shell. My perl script presents a menu to users who log in through ssh 
>>and if the user tries to execute a command it simply passes it to 
>>scponlyc like this:
>> system("/usr/sbin/scponlyc -c \"$args\"");
>>BUT scponlyc did no chroot and the logging don't realy told me why. So i 
>>tried around and finaly found that with
>> system("export PATH=\$PATH:/usr/sbin; scponlyc -c \"$args\"");
>>scponly does chroot.
> 
> 
>>To me this sounds like a bug.
> 
> 
> The bug is that scponlyc is a very peculiar kind of shell. One that does
> not work like a sheel, but only like a login shell.
So its not written for things i'm using it for?
> 
> 
>>When i use scponly directly as login shell and do a ssh login i got no 
>>real sensful information. Wouldn't it be nice to give the admin a chance 
>>to put a menu there like i did?
> 
> 
> Actually, no. What would scp, sftp, rsync et al do with your menu?
Nothing, the menu is only presented if the user logs in without the -c
parameter. If someone uses scp for example scponly is called like this:
scponly -c scp -k /dir/where/file/goes/to
So they woulned interfere.
> 
> Lupe Christoph

greetings Lars





More information about the scponly mailing list