[scponly] Re: chroot problem on Redhat AS3[Solved]
Scott Koch
koch at uselinux.us
Wed Apr 26 22:25:41 EDT 2006
Well, I was trying not to bother the current scponly setup while I was
testing this, so the test below was on another sshd server that I was
running on port 15000 on the same machine. I guess it didn't like
something about it, because when I tried it on my main sshd server it
worked fine. Not sure why, but it works now and I am happy.
Thanks to everyone who has put time into this project. It is a big
help.
-Scott
On Wed, Apr 26, 2006 at 09:35:47PM -0400, Scott Koch wrote:
> I have scponly installed and set up to be used on my system. However
> it seems to be having some trouble chrooting. For some reason the ssh
> process is changing uids to the testuser before it does the chroot. I
> know that chrooting does not work for non-uid-0 users, but I am not sure
> why it is changing users *before* trying to chroot. Any help is
> appreciated.
>
> -Scott
>
> /etc/passwd entry:
>
> testuser:x:513:513:FTP test user:/testchroot//pub:/bin/scponlyc
>
> This is the message I get in my logs:
>
> Apr 26 21:28:09 myhost scponly[4834]: chrooted binary in place, will
> chroot()
> Apr 26 21:28:09 myhost scponly[4834]: 3 arguments in total.
> Apr 26 21:28:09 myhost scponly[4834]: arg 0 is scponlyc
> Apr 26 21:28:09 myhost scponly[4834]: arg 1 is -c
> Apr 26 21:28:09 myhost scponly[4834]: arg 2 is
> /usr/libexec/openssh/sftp-server
> Apr 26 21:28:09 myhost scponly[4834]: opened log at LOG_AUTHPRIV,
> opts 0x00000009
> Apr 26 21:28:09 myhost scponly[4834]: retrieved home directory of
> "/testchroot//pub" for user "testuser"
> Apr 26 21:28:09 myhost scponly[4834]: chrooting to dir: "/testchroot"
> Apr 26 21:28:09 myhost scponly[4834]: chroot: Operation not permitted
> Apr 26 21:28:09 myhost scponly[4834]: couldn't chroot to /testchroot
> [username: testuser(513), IP/port: ::ffff:xxx.xxx.xxx.xxx 38295 15000]
>
> root# ls -la /testchroot
> total 96
> drwxr-xr-x 7 root testuser 4096 Apr 26 19:27 .
> drwxr-xr-x 29 root root 4096 Apr 26 20:12 ..
> -rw-r--r-- 1 root testuser 304 Apr 23 00:59 .bash_logout
> -rw-r--r-- 1 root testuser 191 Apr 23 00:59 .bash_profile
> -rw-r--r-- 1 root testuser 124 Apr 23 00:59 .bashrc
> drwxr-xr-x 2 root testuser 4096 Apr 26 20:23 bin
> -rw-r--r-- 1 root testuser 383 Apr 23 00:59 .emacs
> drwxr-xr-x 2 root testuser 4096 Apr 26 19:31 etc
> -rw-r--r-- 1 root testuser 120 Apr 23 00:59 .gtkrc
> drwxr-xr-x 3 root testuser 4096 Apr 26 19:54 lib
> drwxr-xr-x 2 root testuser 4096 Apr 26 19:27 pub
> drwxr-xr-x 5 root testuser 4096 Apr 26 19:22 usr
>
> root# ls -la /bin/scponlyc
> -rwsr-xr-x 1 root root 30099 Apr 26 19:15 /bin/scponlyc
>
>
> --
> ==============================================
> Scott Koch
> koch at uselinux.us
> http://www.uselinux.us
> ==============================================
>
--
==============================================
Scott Koch
koch at uselinux.us
http://www.uselinux.us
==============================================
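
An added example, not part of the messages above and not scponly's own source: chroot() needs effective uid 0, so a setuid-root helper has to chroot first and drop to the user afterwards. The function names and result codes are assumptions made for illustration; Linux with glibc is assumed.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1 /* exposes chroot() and setgroups() on glibc */
#endif
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical result codes for this example. */
enum { PRE_OK, PRE_NOT_ROOT_OWNED, PRE_NO_SETUID_BIT, PRE_EUID_NOT_ROOT };

/* Classify why chroot() would return EPERM, from the helper's stat data
 * and the effective uid the helper process is actually running with. */
int chroot_precheck(const struct stat *helper, uid_t euid)
{
    if (helper->st_uid != 0)          return PRE_NOT_ROOT_OWNED;
    if (!(helper->st_mode & S_ISUID)) return PRE_NO_SETUID_BIT;
    if (euid != 0)                    return PRE_EUID_NOT_ROOT; /* bit set but not in effect */
    return PRE_OK;
}

/* chroot while still euid 0, then give up root permanently. */
int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    if (geteuid() != 0) { errno = EPERM; return -1; }
    if (chroot(dir) != 0 || chdir("/") != 0) return -1;
    if (setgroups(0, NULL) != 0) return -1;            /* clear supplementary groups */
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    /* Regaining root must now fail, otherwise the drop was incomplete. */
    if (uid != 0 && setuid(0) == 0) { errno = EPERM; return -1; }
    return 0;
}

int main(int argc, char **argv)
{
    if (argc != 4) { fprintf(stderr, "usage: %s <jail> <uid> <gid>\n", argv[0]); return 2; }
    if (enter_jail(argv[1], (uid_t)atoi(argv[2]), (gid_t)atoi(argv[3])) != 0) {
        fprintf(stderr, "enter_jail(%s): %s (euid=%d)\n",
                argv[1], strerror(errno), (int)geteuid());
        return 1;
    }
    printf("in jail: uid=%d euid=%d\n", (int)getuid(), (int)geteuid());
    return 0;
}
```

Run as an ordinary user, `enter_jail` fails with the same "Operation not permitted" seen in the quoted log; `chroot_precheck` takes a `stat()` result for the helper binary plus the euid observed in the running process.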