[scponly] why won't 'find' work in the chroot ?
Kaleb Pederson
kibab at icehouse.net
Thu Sep 21 19:53:51 EDT 2006
On Thursday 21 September 2006 12:17 pm, Ensel Sharon wrote:
> I hacked the find command into scponly.c ...
And I'm sure you disallowed -exec and anything else that might be dangerous!
> However, it refuses to traverse the user's chroot directory, and in a way
> that does not seem to match its normal respecting of unix permissions
>
> user's home directory in /etc/passwd is:
>
> /home
The real /etc/passwd, or the one within the chroot?
> which is set 0711 ... so the user cannot read it, can only traverse
> through it. Their "incoming" directory is /home/user, which is set 0700.
We need more details here. 711 indicates that the user has wrx access... so
who really owns it? Can you give us a full permissions listing of the related
files?
> So when I run:
>
> ssh user at host find /user
What does /user have to do with /home above? Are you assuming they are already
chrooted to their home directory? Why would /user exist below their home
directory then?
>
> I get:
>
> find: .: Permission denied
Mind giving us the debug output that would be in syslog on the server side?
> Which is really confusing me ... it has permission to do whatever it wants
> with /home/user, and it can traverse /home ...
>
> I would like to know:
>
> 1. why this doesn't work, when ls works just fine:
The answers to the above questions will probably help us figure this out.
--Kaleb