[scponly] Further // usage confusion ... possible bug ?
Paul Hyder
Paul.Hyder at noaa.gov
Thu Mar 30 14:22:27 EST 2006
Sounds like chroot behavior confusion. Your chroot point is
"/usr/home" and the user is logically logged in to the
home directory of "/usr/home//username" which in the chroot
becomes the directory "/username" and is the directory
where the user has write permission. The chroot "/" is one
level above the username directory and contains things
that have to be in the chroot like etc, bin, lib, {perhaps
multiple username directories}, etc.
You can't (and MUST NOT be able to) write into the chrooted
"/", you want the user's home directory.
Paul Hyder
NOAA Earth System Research Laboratory, Global Systems Division
Boulder, CO
Ensel Sharon wrote:
>
> On Thu, 30 Mar 2006, Paul Hyder wrote:
>
>
>>Ensel Sharon wrote:
>>
>>>...
>>>/usr/home//username
>>>
>>>(where the chroot supporting etc/usr/bin directories for multiple users
>>>are in /usr/home)
>>>
>>>Should allow me to scp like this:
>>>
>>>scp /file username at servername:/
>>>
>>>but it doesn't - I _still_ have to specify the subdirectory on the scp
>>>command line:
>>>...
>>
>>Actually it wouldn't normally permit the scp above; "/" is the chroot
>>point NOT the users directory. You ABSOLUTELY DO NOT want users to have
>>write permission in "/".
>
>
>
> No, not in _the real_ /, of course not - but the explanation that the
> author gave as to how // works is that you are moved into the subdirectory
> (no longer the real "/").
>
> Why doesn't // in the home directory cause "/" in the scp line to be what
> is specified after the // ? If you look at my first post today, in which
> I quote the scponly author, that does seem to be what he is saying it
> does...
>
More information about the scponly
mailing list