[scponly] SFTP Directory Listings

Paul Hyder Paul.Hyder at noaa.gov
Fri Sep 22 18:15:55 EDT 2006


The output indicates that sftp is getting NULL responses from the calls
that do the lookups that use the /etc files.  (getpwuid, getgrgrid, and
localtime to be specific, if this is openssh in sftp-common.c/ls_file)

This usually means that at least one library is missing from the jail.
(If file permissions in /etc are not overly restricted.)

Which OS is this?  (In Linux you would start with an ldd of the
sftp-server binary, all it should need is for you to make sure you have
all of the libraries for all of the dependencies.)
	Paul Hyder
	NOAA Earth System Research Laboratory, Global Systems Division
	Boulder, CO

Ross Alexander wrote:
> I have tried it both ways - as chroot (shell = scponlyc) and not (shell
> = scponly), and both behave the same. I have also tried scponlyc using a
> jail created by `build jail`, in which case only a pwd.db exists in
> /home/scponly/etc, and a jail created using guidelines found in
> BUILDING-JAILS.TXT, in which case I have group, master.passwd, passwd,
> pwd.db, shells, and spwd.db in /jail/etc/. Again, both behave the same
> with regards to the directory listings.
> 
> Here is debug info seen during a login using scponlyc (debuglevel = 1):
> 
> Sep 22 01:39:36 alex scponly[19100]: chrooted binary in place, will
> chroot()
> Sep 22 01:39:36 alex scponly[19100]: 3 arguments in total.
> Sep 22 01:39:36 alex scponly[19100]:    arg 0 is scponlyc
> Sep 22 01:39:36 alex scponly[19100]:    arg 1 is -c
> Sep 22 01:39:36 alex scponly[19100]:    arg 2 is
> /usr/local/libexec/sftp-server
> Sep 22 01:39:36 alex scponly[19100]: opened log at LOG_AUTHPRIV, opts
> 0x00000009
> Sep 22 01:39:36 alex scponly[19100]: retrieved home directory of
> "/home/scponly//incoming" for user
> "scponly"
> Sep 22 01:39:36 alex scponly[19100]: chrooting to dir: "/home/scponly"
> Sep 22 01:39:36 alex scponly[19100]: chdiring to dir: "/incoming"
> Sep 22 01:39:36 alex scponly[19100]: setting uid to 1007
> Sep 22 01:39:36 alex scponly[19100]: processing request:
> "/usr/local/libexec/sftp-server"
> Sep 22 01:39:36 alex scponly[19100]: running: /usr/libexec/sftp-server
> (username: scponly(1007), IP/
> port: x.x.x.x 40207 22)
> 
> Thanks,
> 
> Ross
> 
> On Sep 21, 2006, at 6:56 PM, Kaleb Pederson wrote:
> 
>> I presume you are using a chroot? This is probably because of the
>> /etc/passwd
>> and /etc/groups within the chroot -- so what do they look like,
>> assuming you
>> are using a chroot?
>>
>> If not, please provide us the debug output that should be in syslog on
>> the
>> server side.  You might have to:
>>
>> echo 1 > /YOUR/INSTALL/PREFIX/etc/scponly/debuglevel
>>
>> before you see it.
>>
>> Hope that helps.
>>
>> --Kaleb
>>
>> On Thursday 21 September 2006 1:29 pm, Ross Alexander wrote:
>>> Using SFTP with scponly, my directory lists look like:
>>>
>>> sftp> ls -la
>>> 040755 0 0 512 1158830649 .
>>> 040755 0 0 512 1158830649 ..
>>> 040755 0 0 512 1158830648 bin
>>> 040755 0 0 512 1158830649 etc
>>> 040755 1007 1007 512 1158831582 incoming
>>> 040755 0 0 512 1158830648 usr
>>>
>>> instead of the more familiar (using SFTP with BASH):
>>>
>>> sftp> ls -la
>>> drwxr-xr-x    6 root     wheel         512 Sep 21 04:24 .
>>> drwxr-xr-x    9 root     wheel         512 Sep 21 04:24 ..
>>> drwxr-xr-x    2 root     wheel         512 Sep 21 04:24 bin
>>> drwxr-xr-x    2 root     wheel         512 Sep 21 04:24 etc
>>> drwxr-xr-x    3 scponly  scponly       512 Sep 21 04:39 incoming
>>> drwxr-xr-x    6 root     wheel         512 Sep 21 04:24 usr
>>>
>>> Is this normal, or is there something I missed in the configure?
>>>
>>> Many thanks,
>>>
>>> Ross
>>>
>>> _______________________________________________
>>> scponly mailing list
>>> scponly at lists.ccs.neu.edu
>>> https://lists.ccs.neu.edu/bin/listinfo/scponly
>> _______________________________________________
>> scponly mailing list
>> scponly at lists.ccs.neu.edu
>> https://lists.ccs.neu.edu/bin/listinfo/scponly
> 
> 
> _______________________________________________
> scponly mailing list
> scponly at lists.ccs.neu.edu
> https://lists.ccs.neu.edu/bin/listinfo/scponly




More information about the scponly mailing list