[scponly] scponly chroot OpenSUSE 10.2
Patrick
punkpati at yahoo.com
Thu Jun 21 03:09:47 EDT 2007
Hello,
I would like to use scponly 4.6 to chroot users in their homes on my OpenSUSE 10.2. The users connect with WinSCP.
I got the error "Connection has been unexpectedly closed. Server sent command exit status 1." from WinSCP after giving the password to log in.
With /usr/local/bin/scponly instead of /usr/local/sbin/scponlyc it works fine.
I compiled scponly with the following options
./configure --enable-scp-compat --enable-winscp-compat --enable-chrooted-binary --with-sftp-server
and use "make jail" to create a user (fu2).
All libraries are in their appropriate directories in /home/fu2:
ldconfig -v -r /home/fu2/
ldconfig: Can't stat /usr/X11R6/lib/Xaw3d: No such file
ldconfig: Can't stat /usr/X11R6/lib: No such file or di
ldconfig: Can't stat /usr/lib/Xaw3d: No such file or di
ldconfig: Can't stat /usr/i386-suse-linux/lib: No such
ldconfig: Can't stat /usr/local/lib: No such file or di
ldconfig: Can't stat /opt/kde3/lib: No such file or dir
ldconfig: Can't stat /opt/gnome/lib: No such file or di
/lib:
libutil.so.1 -> libutil.so.1
libacl.so.1 -> libacl.so.1
librt.so.1 -> librt.so.1
libnss_compat.so.2 -> libnss_compat.so.2
libc.so.6 -> libc.so.6
ld-linux.so.2 -> ld-linux.so.2
libresolv.so.2 -> libresolv.so.2
libpthread.so.0 -> libpthread.so.0
libdl.so.2 -> libdl.so.2
libcom_err.so.2 -> libcom_err.so.2
libz.so.1 -> libz.so.1
libnsl.so.1 -> libnsl.so.1
libattr.so.1 -> libattr.so.1
libcrypt.so.1 -> libcrypt.so.1
/usr/lib:
libkrb5support.so.0 -> libkrb5support.so.0
libopensc.so.2 -> libopensc.so.2
libssl.so.0.9.8 -> libssl.so.0.9.8
libscconf.so.2 -> libscconf.so.2
libltdl.so.3 -> libltdl.so.3
libopenct.so.1 -> libopenct.so.1
libgssapi_krb5.so.2 -> libgssapi_krb5.so.2
libkrb5.so.3 -> libkrb5.so.3
libcrypto.so.0.9.8 -> libcrypto.so.0.9.8
libpcsclite.so.1 -> libpcsclite.so.1
libk5crypto.so.3 -> libk5crypto.so.3
Here is some hopefully useful information after a connect from a Linux shell with "sftp fu2@192.168.3.129".
/var/log/message
sshd[14877]: subsystem request for sftp
scponly[14878]: chrooted binary in place, will chroot()
scponly[14878]: 3 arguments in total.
scponly[14878]: arg 0 is scponlyc
scponly[14878]: arg 1 is -c
scponly[14878]: arg 2 is /usr/lib/ssh/sftp-server
scponly[14878]: opened log at LOG_AUTHPRIV, opts 0x00000029
scponly[14878]: retrieved home directory of "/home/fu2" for user "fu2"
scponly[14878]: chrooting to dir: "/home/fu2"
scponly[14878]: chdiring to dir: "/"
scponly[14878]: setting uid to 1002
scponly[14878]: processing request: "/usr/lib/ssh/sftp-server"
scponly[14878]: Unable to find "LOG_SFTP" in the environment
scponly[14878]: Found "USER" and setting it to "fu2"
scponly[14878]: Unable to find "SFTP_UMASK" in the environment
scponly[14878]: Unable to find "SFTP_PERMIT_CHMOD" in the environment
scponly[14878]: Unable to find "SFTP_PERMIT_CHOWN" in the environment
scponly[14878]: Unable to find "SFTP_LOG_LEVEL" in the environment
scponly[14878]: Unable to find "SFTP_LOG_FACILITY" in the environment
scponly[14878]: Environment contains "USER=fu2"
scponly[14878]: running: /usr/lib/ssh/sftp-server (username: fu2(1002), IP/port: 192.168.3.129 8951 22)
An strace shows the following:
read(6, "\0\0\0\20", 4) = 4
read(6, "4\0\0\0\1\0\0\0\7l3tag3m", 16) = 16
write(4, "\0\0\0\f\6", 5) = 5
write(4, "\0\0\0\7l3tag3m", 11) = 11
write(6, "\0\0\0\0055", 5) = 5
write(6, "\0\0\0\1", 4) = 4
read(6, "\0\0\0\1", 4) = 4
read(6, "2", 1) = 1
read(4, "\0\0\0\27", 4) = 4
read(4, "\0", 23) = 1
read(4, "\0\0\0\2OK\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0", 22) = 22
write(6, "\0\0\0\0213", 5) = 5
--- SIGCHLD (Child exited) @ 0 (0) ---
rt_sigaction(SIGCHLD, NULL, {0x800265f0, [], 0}, 8) = 0
rt_sigaction(SIGCHLD, {SIG_DFL}, NULL, 8) = 0
waitpid(14855, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], WNOHANG) = 14855
sigreturn() = ? (mask now [])
write(6, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 16) = 16
read(6, "\0\0\0\5", 4) = 4
read(6, "4\0\0\0\0", 5) = 5
write(6, "\0\0\0\0055", 5) = 5
write(6, "\0\0\0\0", 4) = 4
read(6, "\0\0\0\1", 4) = 4
read(6, "6", 1) = 1
rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0
kill(14855, SIGTERM) = -1 ESRCH (No such process)
close(4) = 0
close(-1) = -1 EBADF (Bad file descriptor)
write(6, "\0\0\0\0017", 5) = 5
read(6, "\0\0\0\1", 4) = 4
read(6, ".", 1) = 1
write(6, "\0\0\0\t/", 5) = 5
write(6, "\0\0\0\1\0\0\0\0", 8) = 8
--- SIGCHLD (Child exited) @ 0 (0) ---
rt_sigprocmask(SIG_BLOCK, [ALRM], [], 8) = 0
time(NULL) = 1182347722
open("/etc/localtime", O_RDONLY) = 4
fstat64(4, {st_mode=S_IFREG|0644, st_size=837, ...}) = 0
fstat64(4, {st_mode=S_IFREG|0644, st_size=837, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fae000
read(4, "TZif\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\10"..., 4096) = 837
close(4) = 0
munmap(0xb7fae000, 4096) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=837, ...}) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=837, ...}) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=837, ...}) = 0
socket(PF_FILE, SOCK_DGRAM, 0) = 4
fcntl64(4, F_SETFD, FD_CLOEXEC) = 0
connect(4, {sa_family=AF_FILE, path="/dev/log"}, 110) = 0
send(4, "<38>Jun 20 15:55:22 sshd[14850]:"..., 108, MSG_NOSIGNAL) = 108
close(4) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
read(6, "\0\0\4\340", 4) = 4
read(6, "\30\0\0\0 \245\231\235\rsG\277\220a\313\342\210>\233\24"..., 1248) = 1248
close(6) = 0
mmap2(NULL, 1310720, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_ANONYMOUS, -1, 0) = 0xb776b000
munmap(0xb7a8d000, 65536) = 0
waitpid(14854, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0) = 14854
alarm(0) = 91
rt_sigaction(SIGALRM, NULL, {0x80007d00, [], SA_INTERRUPT}, 8) = 0
rt_sigaction(SIGALRM, {SIG_DFL}, NULL, 8) = 0
close(5) = 0
socketpair(PF_FILE, SOCK_STREAM, 0, [4, 5]) = 0
fcntl64(4, F_SETFD, FD_CLOEXEC) = 0
fcntl64(5, F_SETFD, FD_CLOEXEC) = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb7adc708) = 14859
close(4) = 0
rt_sigaction(SIGHUP, NULL, {SIG_DFL}, 8) = 0
rt_sigaction(SIGHUP, {0x8001f630, [], 0}, NULL, 8) = 0
rt_sigaction(SIGTERM, NULL, {SIG_DFL}, 8) = 0
rt_sigaction(SIGTERM, {0x8001f630, [], 0}, NULL, 8) = 0
read(5, "\0\0\0\1", 4) = 4
read(5, ":", 1) = 1
waitpid(14859, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0) = 14859
--- SIGCHLD (Child exited) @ 0 (0) ---
exit_group(0)
Thanks in advance!
Patrick