[scponly] sftp problem with chroot on openbsd

domenico.albanese at hermess.it domenico.albanese at hermess.it
Fri Jul 28 11:27:55 EDT 2006


Hey Kaleb, I've solved the problem.
It was the shell.
Now I have to go, but tomorrow I'll write to the list what I did.
Thanks a lot.

Dome


2006/7/28, domenico.albanese at hermess.it <domenico.albanese at hermess.it>:
> ok, let's try:
>
> #############################################
> root at grog:/tmp/scponly-4.6# userdel -r pino
> userdel: User `ospite' doesn't own directory `/home/pino', not removed
> root at grog:/tmp/scponly-4.6# rm -fr /home/pino
> root at grog:/tmp/scponly-4.6# chmod u+x ./setup_chroot.sh
> root at grog:/tmp/scponly-4.6# ./setup_chroot.sh
>
> Next we need to set the home directory for this scponly user.
> please note that the user's home directory MUST NOT be writeable
> by the scponly user. this is important so that the scponly user
> cannot subvert the .ssh configuration parameters.
>
> for this reason, a writeable subdirectory will be created that
> the scponly user can write into.
>
> Username to install [scponly]pino
> home directory you wish to set for this user [/home/pino]
> name of the writeable subdirectory [incoming]
> install: 0: No such file or directory
> install: 1: No such file or directory
> install: Ref: No such file or directory
>
> creating  /home/pino/incoming directory for uploading files
> please set the password for pino:
> Changing local password for pino.
> New password:
> Retype new password:
> if you experience a warning with winscp regarding groups, please install
> the provided hacked out fake groups program into your chroot, like so:
> cp groups /home/pino/bin/groups
> root at grog:/tmp/scponly-4.6# cp groups /home/pino/bin/groups
> root at grog:/tmp/scponly-4.6# chroot -r /home/pino -v
> chroot: unknown option -- r
> usage: chroot [-g group,group,...] [-u user] newroot [command]
> root at grog:/tmp/scponly-4.6# chroot /home/pino -v
> chroot: -v: No such file or directory
> root at grog:/tmp/scponly-4.6# chroot /home/pino
> chroot: /usr/local/bin/bash: No such file or directory
> root at grog:/tmp/scponly-4.6# ls /home/pino/usr/
> bin     libexec sbin
> root at grog:/tmp/scponly-4.6# mkdir /home/pino/usr/local
> root at grog:/tmp/scponly-4.6# mkdir /home/pino/usr/local/bin
> root at grog:/tmp/scponly-4.6# cp /usr/local/bin/bash /home/pino/usr/local/bin
> root at grog:/tmp/scponly-4.6# chroot /home/pino
> /usr/local/bin/bash: can't load library 'libtermcap.so.10.0'
> root at grog:/tmp/scponly-4.6# find / -name libtermcap.so.10.0
> /usr/lib/libtermcap.so.10.0
> root at grog:/tmp/scponly-4.6# mkdir /home/pino/usr/lib
> root at grog:/tmp/scponly-4.6# cp /usr/lib/libtermcap.so.10.0 /home/pino/usr/lib
> root at grog:/tmp/scponly-4.6# chroot /home/pino
> /usr/local/bin/bash: can't load library 'libintl.so.3.0'
> root at grog:/tmp/scponly-4.6# find / -name libintl.so.3.0
> /usr/local/lib/libintl.so.3.0
> root at grog:/tmp/scponly-4.6# ls /home/pino/usr/local/
> bin
> root at grog:/tmp/scponly-4.6# mkdir /home/pino/usr/local/lib
> root at grog:/tmp/scponly-4.6# cp /usr/local/lib/libintl.so.3.0 /home/pino/usr/local/lib
> root at grog:/tmp/scponly-4.6# chroot /home/pino
> /usr/local/bin/bash: can't load library 'libintl.so.3.0'
> root at grog:/tmp/scponly-4.6# ls -las /usr/local/lib/libintl.so.3.0
> 80 -r--r--r--  1 root  bin  39135 Mar  1 16:23 /usr/local/lib/libintl.so.3.0
> root at grog:/tmp/scponly-4.6# ls -las /home/pino/usr/local/lib/libintl.so.3.0
> 80 -r--r--r--  1 root  wheel  39135 Jul 28 16:20 /home/pino/usr/local/lib/libintl.so.3.0
> root at grog:/tmp/scponly-4.6# chown root:bin /home/pino/usr/local/lib/libintl.so.3.0
> root at grog:/tmp/scponly-4.6# chroot /home/pino
> /usr/local/bin/bash: can't load library 'libc.so.39.0'
> root at grog:/tmp/scponly-4.6# find / -name libc.so.39.0
> /usr/lib/libc.so.39.0
> root at grog:/tmp/scponly-4.6# ls /home/pino/usr/
> bin     lib     libexec local   sbin
> root at grog:/tmp/scponly-4.6# cp /usr/lib/libc.so.39.0 /home/pino/usr/lib
> root at grog:/tmp/scponly-4.6# chroot /home/pino
> /usr/local/bin/bash: can't load library 'libiconv.so.4.0'
> root at grog:/tmp/scponly-4.6# find / -name libiconv.so.4.0
> /usr/local/lib/libiconv.so.4.0
> root at grog:/tmp/scponly-4.6# cp /usr/local/lib/libiconv.so.4.0 /home/pino/usr/local/lib/
> root at grog:/tmp/scponly-4.6# chroot /home/pino
> /usr/local/bin/bash: can't load library 'libintl.so.3.0'
> root at grog:/tmp/scponly-4.6# find / -name libintl.so.3.0
> /home/pino/usr/local/lib/libintl.so.3.0
> /usr/local/lib/libintl.so.3.0
> root at grog:/tmp/scponly-4.6# ls -las /home/pino/usr/local/lib/libintl.so.3.0
> 80 -r--r--r--  1 root  bin  39135 Jul 28 16:20 /home/pino/usr/local/lib/libintl.so.3.0
> root at grog:/tmp/scponly-4.6# ls -las /usr/local/lib/libintl.so.3.0
> 80 -r--r--r--  1 root  bin  39135 Mar  1 16:23 /usr/local/lib/libintl.so.3.0
>
> #############################################
>
> ?????
>
> wait a minute.....
>
> #############################################
>
> root at grog:/tmp/scponly-4.6# chroot /home/pino
> /usr/local/bin/bash: can't load library 'libiconv.so.4.0'
> root at grog:/tmp/scponly-4.6# chroot /home/pino
> /usr/local/bin/bash: can't load library 'libiconv.so.4.0'
> root at grog:/tmp/scponly-4.6# chroot /home/pino
> /usr/local/bin/bash: can't load library 'libiconv.so.4.0'
> root at grog:/tmp/scponly-4.6# chroot /home/pino
> /usr/local/bin/bash: can't load library 'libintl.so.3.0'
> root at grog:/tmp/scponly-4.6# chroot /home/pino
> /usr/local/bin/bash: can't load library 'libintl.so.3.0'
> root at grog:/tmp/scponly-4.6# chroot /home/pino
> /usr/local/bin/bash: can't load library 'libintl.so.3.0'
> root at grog:/tmp/scponly-4.6# chroot /home/pino
> /usr/local/bin/bash: can't load library 'libintl.so.3.0'
> root at grog:/tmp/scponly-4.6# chroot /home/pino
> /usr/local/bin/bash: can't load library 'libintl.so.3.0'
> root at grog:/tmp/scponly-4.6# chroot /home/pino
> /usr/local/bin/bash: can't load library 'libiconv.so.4.0'
> root at grog:/tmp/scponly-4.6# chroot /home/pino
> /usr/local/bin/bash: can't load library 'libintl.so.3.0'
>
> #############################################
>
> funny, round robin style :-)
>
> emmhhh, and now?
>
>
> Dome
>
> 2006/7/28, Kaleb Pederson <kibab at icehouse.net>:
> > On Friday 28 July 2006 5:22 am, domenico.albanese at hermess.it wrote:
> > > chmod u+x ./setup_chroot.sh
> > > ./setup_chroot.sh
> > [snip]
> > > Username to install [scponly]pino
> > > home directory you wish to set for this user [/home/pino]
> > > name of the writeable subdirectory [incoming]
> > > install: 0: No such file or directory
> > > install: 1: No such file or directory
> > > install: Ref: No such file or directory
> > [snip]
> >
> > > I don't understand, what did I do wrong?
> >
> > It doesn't look like you did anything wrong.  Notice however that there were
> > errors in the setup_chroot script. It basically looks like you're missing
> > some libraries within the chroot.
> >
> > Run `chroot -r /home/pino -v` and see what it gives you.  Then run
> > `ldd /usr/libexec/sftp-server` and make sure that all the libraries that it
> > mentions exist within the chroot.  If there are any of them that aren't
> > present, copy them to the chroot.
> >
> > Let us know how everything works once you have done that.  If it still doesn't
> > work there are other things that we can try to figure out what's going on.
> >
> > Hope that helps.
> >
> > --Kaleb
> >
> >
> > > Domenico
> > >
> > > _______________________________________________
> > > scponly mailing list
> > > scponly at lists.ccs.neu.edu
> > > https://lists.ccs.neu.edu/bin/listinfo/scponly
>
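
Kaleb's suggestion in the quoted reply (list a binary's libraries with ldd and make sure each one exists inside the chroot) can be checked in one pass rather than one failed `chroot` at a time. The script below is an added example, not part of the original thread or of scponly: the function names are hypothetical, and the sample ldd listing is constructed from the library paths shown in the session, with the column layout and the `/usr/libexec/ld.so` entry as assumptions.

```sh
#!/bin/sh
# Added example: list files named in ldd output that are absent from a chroot.

# ldd_paths: read ldd output on stdin, print each absolute path once.
# Handles "name => /path (addr)" lines and column layouts where the path is
# the last field; headers and the leading "binary:" line are skipped.
ldd_paths() {
    awk '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /^\// && $i !~ /:$/) print $i
    }' | sort -u
}

# missing_in_chroot CHROOT: read ldd output on stdin, print every path that
# is not a regular file under CHROOT (the binary and runtime linker included).
missing_in_chroot() {
    root=$1
    ldd_paths | while IFS= read -r p; do
        [ -f "$root$p" ] || printf '%s\n' "$p"
    done
}

# Constructed sample: paths from the session above, column layout assumed.
sample_ldd() {
    cat <<'EOF'
/usr/local/bin/bash:
        Start    End      Type Ref Name
        00000000 00000000 exe   1  /usr/local/bin/bash
        00000000 00000000 rlib  1  /usr/lib/libtermcap.so.10.0
        00000000 00000000 rlib  1  /usr/local/lib/libintl.so.3.0
        00000000 00000000 rlib  1  /usr/local/lib/libiconv.so.4.0
        00000000 00000000 rlib  1  /usr/lib/libc.so.39.0
        00000000 00000000 rtld  1  /usr/libexec/ld.so
EOF
}

# demo: build a throwaway tree standing in for /home/pino that holds only
# bash and libc, then report what is still missing.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/usr/local/bin" "$tmp/usr/lib"
    : > "$tmp/usr/local/bin/bash"
    : > "$tmp/usr/lib/libc.so.39.0"
    sample_ldd | missing_in_chroot "$tmp"
    rm -rf "$tmp"
}

demo
```

On a real system, pipe the actual listing into the check instead of the sample, for example `ldd /usr/libexec/sftp-server | missing_in_chroot /home/pino`.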


