[scponly] FreeBSD 5.3-RELEASE-p27 and scponly-4.4 broken?

David Robillard david.robillard at notarius.com
Wed Mar 8 18:11:10 EST 2006


Hi everyone,

I'm trying to get scponly-4.4 to work on a FreeBSD 5.3-RELEASE-p27 machine.

Unfortunately, it always fails. Here's the debug info from the machine on which scponly is installed:

[drobilla@donald] scponly-4.4 {671}$ tail -f /var/log/scponly.log
Mar  8 18:03:00 donald scponly[11063]: 3 arguments in total.
Mar  8 18:03:00 donald scponly[11063]:  arg 0 is scponly
Mar  8 18:03:00 donald scponly[11063]:  arg 1 is -c
Mar  8 18:03:00 donald scponly[11063]:  arg 2 is scp -t /backup/test
Mar  8 18:03:00 donald scponly[11063]: opened log at LOG_AUTHPRIV, opts 0x00000029
Mar  8 18:03:00 donald scponly[11063]: retrieved home directory of "/backup" for user "backup"
Mar  8 18:03:00 donald scponly[11063]: setting uid to 1911
Mar  8 18:03:00 donald scponly[11063]: processing request: "scp -t /backup/test"
Mar  8 18:03:00 donald scponly[11063]: denied request: scp -t /backup/test [username: backup(1911), IP/port: 172.25.111.25 55510 22]

And here's the command as it is run by the remote machine:

[drobilla@raymond] drobilla {531}$ scp testfile backup@donald.notarius.com:/backup/test
Restricted Access.
Password:
scponly[11063]: 3 arguments in total.
scponly[11063]:         arg 0 is scponly
scponly[11063]:         arg 1 is -c
scponly[11063]:         arg 2 is scp -t /backup/test
scponly[11063]: opened log at LOG_AUTHPRIV, opts 0x00000029
scponly[11063]: retrieved home directory of "/backup" for user "backup"
scponly[11063]: setting uid to 1911
scponly[11063]: processing request: "scp -t /backup/test"
scponly[11063]: denied request: scp -t /backup/test [username: backup(1911), IP/port: 172.25.111.25 55510 22]
lost connection
[drobilla@raymond] drobilla {532}$

On the machine on which scponly is installed, the user 'backup' is:

[drobilla@donald] scponly-4.4 {672}$ id backup
uid=1911(backup) gid=1911(backup) groups=1911(backup)

[drobilla@donald] scponly-4.4 {674}$ grep backup /etc/passwd
backup:*:1911:1911:Remote Backup User:/backup:/usr/local/bin/scponly

[drobilla@donald] scponly-4.4 {673}$ ls -alF /backup
total 6
dr-xr-xr-x   3 backup  backup  512 Mar  8 17:35 ./
drwxr-xr-x  22 root    wheel   512 Mar  8 17:34 ../
drwxrwxr-x   2 backup  backup  512 Mar  8 17:05 .snap/

I'd like to get this working. Any ideas?

Many thanks,

David

--
David Robillard
UNIX systems administrator
david.robillard at notarius.com

Notarius
465, rue St-Jean, suite 200
Montréal, Québec, H2Y 2R6

Tel. : +1 514 966 0122
Fax. : +1 514 281 1226

http://www.notarius.com
