[scponly] scponly and rsync

Paul Hyder Paul.Hyder at noaa.gov
Thu Sep 15 17:09:09 EDT 2005 

The code at the "denied request" message says:
        /*
         *      reaching this point in the code means the request isnt one of
         *      our accepted commands
         */

It means that a call to valid_arg_vector is failing.  It almost sounds like this
build is a missing --enable-rsync-compat at config time.  That possible?
	Paul Hyder
	NOAA Forecast Systems Lab
	Boulder, CO


roger at rope.net wrote:
> 	I have one user that has been using scponly with rsync to do file
> transfers to/from his website account. I have transferred his account from
> a system using an older version of scponly, to one that's using the
> latest. Everything is setup identically, except for the following:
> 
> Old home directory:	/home/websites/matter
> 
> New passwd file entry:	/home/websites/matter//website
> New home directory:	/home/websites/matter/website
> chroot directory:	/home/websites/matter
> 
> 	His new home directory has the .ssh directory with empty
> known_hosts file, with permissions and ownership as on the old system. He
> can use sftp for access, and everything works. He cannot use the same
> rsync command as before without getting errors:
> 
> 
>>Command for old site was:
>>  rsync -vturzn  \
>>            -e 'ssh -v' \
>>            ~/site/*
>>            matter at www.materialisations.com:/website
>>
>>The -v argument to rsync, and the -v argument to ssh are just
>>to increase verbosity.  The -n argument to rsync, tells it this is
>>just a dry run (show what would be done).  The above command
>>worked with the old site.  For the new site, the www becomes
>>www2, and '/website' becomes just '/'.
> 
> 
> 	Here's the results:
> 
> Sep 15 16:35:33 nylon sshd(pam_unix)[2522]: session opened for user matter by (uid=0)
> Sep 15 16:35:33 nylon [2523]: chrooted binary in place, will chroot()
> Sep 15 16:35:33 nylon [2523]: 3 arguments in total.
> Sep 15 16:35:33 nylon [2523]:   arg 0 is scponlyc
> Sep 15 16:35:33 nylon [2523]:   arg 1 is -c
> Sep 15 16:35:33 nylon [2523]:   arg 2 is rsync --server -vuntrz . /website
> Sep 15 16:35:33 nylon [2523]: opened log at LOG_AUTHPRIV, opts 0x00000009
> Sep 15 16:35:33 nylon [2523]: retrieved home directory of "/home/websites/matter//website" for user "matter"
> Sep 15 16:35:33 nylon [2523]: chrooting to dir: "/home/websites/matter"
> Sep 15 16:35:33 nylon [2523]: chdiring to dir: "/website"
> Sep 15 16:35:33 nylon [2523]: setting uid to 512
> Sep 15 16:35:33 nylon [2523]: processing request: "rsync --server -vuntrz . /website"
> Sep 15 16:35:33 nylon [2523]: denied request: rsync --server -vuntrz . /website [username: matter(512), IP/port: 78.148.200.126 60463 22]
> Sep 15 16:35:33 nylon sshd(pam_unix)[2522]: session closed for user matter
> 
> 	Is there some special setup that must be used that's different
> from what was previously required?
> 
> 	Thanks.
>

More information about the scponly mailing list