[scponly] rsync using chRoot on Suse 10.2

John Timmons jwtimmons at gmail.com
Wed Mar 14 08:58:54 EDT 2007


They do indeed have 755 permissions.

User can't do an ls as only rsync is enabled on that account (No shell)

John

On 13/03/07, Paul Hyder <Paul.Hyder at noaa.gov> wrote:
> And all of the intermediate directories (/home/client1/usr/bin) also have
> permissions of 755?  [A non-root user on this host can do an ls and see
> /home/client1/usr/bin/rsync?]
>
> Were any other configure options selected?
>        Paul Hyder
>
> John Timmons wrote:
> > Thanks for replying
> >
> >
> > The rsync switch was used to compile scponly and rsync does exist in
> > /home/client1/usr/bin/rsync :(
> >
> > All files in there are owned by root but have 0755 permissions
> >
> >
> > Regards
> >
> >
> > John
> >
> > On 12/03/07, Paul Hyder <Paul.Hyder at noaa.gov> wrote:
> >> The message indicates that /home/client1/usr/bin/rsync is either missing
> >> or has bad permissions.  [i.e. This looks like something is missing from
> >> the jail.]
> >>
> >> First step is to double check your configure flags to make sure that the
> >> build used "--enable-rsync-compat" and then to see if the rsync binary is
> >> in the jail.
> >>     Paul Hyder
> >>
> >> John Timmons wrote:
> >> > I have been struggling to get rsync to work under a chRooted account
> >> > using Scponly.
> >> >
> >> > If I change the user /etc/passwd to use the non chRoot scponly rsync works fine
> >> > but if I use
> >> > client1:x:1000:100::/home/client1:/usr/local/sbin/scponlyc
> >> >  then I get the 0 byte connection error.
> >> >
> >> > I have patched Scponly to get around the -e or --server errors.
> >> >
> >> > I have ldd'd rsync and I have all the libraries
> >> > running on Scponly 4.6
> >> >
> >> >
> >> > Ran "make jail" to create the chRoot account etc
> >> >
> >> > Incoming folder is /home/client1/backup
> >> >
> >> >
> >> > Rsync command I'm running is
> >> >
> >> > rsync -av /cygdrive/c/text client1@domain.name:/home/client1/backup
> >> >
> >> > /cygdrive/c/text is just some test files
> >> >
> >> > and have tried
> >> > client1@domain.name:/home/client1/backup
> >> > client1@domain.name:/home/client1/backup/
> >> > client1@domain.name:/backup
> >> > client1@domain.name:/backup/
> >> > client1@domain.name:/
> >> >
> >> >
> >> > log looks like this
> >> >
> >> > Mar 11 00:38:16 MyServer sshd[25240]: Accepted keyboard-interactive/pam for client1 from xxx.xxx.xxx.xxx port 2402 ssh2
> >> > Mar 11 00:38:16 MyServer scponly[25246]: chrooted binary in place, will chroot()
> >> > Mar 11 00:38:16 MyServer scponly[25246]: 3 arguments in total.
> >> > Mar 11 00:38:16 MyServer scponly[25246]:      arg 0 is scponlyc
> >> > Mar 11 00:38:16 MyServer scponly[25246]:      arg 1 is -c
> >> > Mar 11 00:38:16 MyServer scponly[25246]:      arg 2 is rsync --server -vvvvvvlogDtpr . /home/client1/backup
> >> > Mar 11 00:38:16 MyServer scponly[25246]: opened log at LOG_AUTHPRIV, opts 0x00000009
> >> > Mar 11 00:38:16 MyServer scponly[25246]: retrieved home directory of "/home/client1" for user "client1"
> >> > Mar 11 00:38:16 MyServer scponly[25246]: chrooting to dir: "/home/client1"
> >> > Mar 11 00:38:16 MyServer scponly[25246]: chdiring to dir: "/"
> >> > Mar 10 23:38:16 MyServer scponly[25246]: setting uid to 1000
> >> > Mar 10 23:38:16 MyServer scponly[25246]: processing request: "rsync --server -vvvvvvlogDtpr . /home/client1/backup"
> >> > Mar 10 23:38:16 MyServer scponly[25246]: running: /usr/bin/rsync --server -vvvvvvlogDtpr . /home/client1/backup (username: client1(1000), IP/port: xxx.xxx.xxx.xxx 2402 22)
> >> > Mar 10 23:38:16 MyServer scponly[25246]: failed: /usr/bin/rsync --server -vvvvvvlogDtpr . /home/client1/backup with error No such file or directory(2) (username: client1(1000), IP/port: xxx.xxx.xxx.xxx 2402 22)
> >> >
> >> >
> >> >
> >> > However if I change that user to
> >> >
> >> >
> >> > client1:x:1000:100::/home/client1:/usr/local/bin/scponly
> >> >
> >> > the rsync works fine :(
> >> >
> >> > Any thoughts on what I am doing wrong??
> >> >
> >> >
> >> > regards
> >> >
> >> >
> >> > John
> >> >
> >>
> >>
>
>
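
Added example (not part of the thread and not scponly code): a shell check for the two things discussed above, the 755 permissions on every directory leading to /home/client1/usr/bin/rsync and the libraries reported by ldd, evaluated against the jail rather than the host. The function names `jail_path_ok` and `jail_missing_libs` are made up for this example.

```shell
#!/bin/sh
# Added example, not scponly code: checks a chroot jail for one binary.

# jail_path_ok JAIL PATH
# Succeeds when every component of PATH exists under JAIL and carries the
# "other" execute/search bit (the last character of a 755 mode string).
jail_path_ok() {
    cur=$1
    rest=${2#/}
    while [ -n "$rest" ]; do
        cur="$cur/${rest%%/*}"
        if [ ! -e "$cur" ]; then echo "missing: $cur"; return 1; fi
        case $(ls -ld "$cur" | cut -c10) in
            x|t) ;;
            *) echo "no o+x: $cur"; return 1 ;;
        esac
        case $rest in
            */*) rest=${rest#*/} ;;
            *)   rest= ;;
        esac
    done
    return 0
}

# jail_missing_libs JAIL   (reads `ldd` output on stdin)
# Prints each absolute path ldd names, shared libraries and the ELF loader
# alike, that has no copy under JAIL. execve() returns ENOENT for a missing
# loader as well as for a missing binary.
jail_missing_libs() {
    rc=0
    for lib in $(awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) print $i }'); do
        [ -e "$1$lib" ] || { echo "missing in jail: $lib"; rc=1; }
    done
    return $rc
}

# With two arguments, e.g. the thread's /home/client1 and /usr/bin/rsync,
# run both checks against the copy of the binary inside the jail.
if [ "$#" -eq 2 ]; then
    jail_path_ok "$1" "$2" && ldd "$1$2" | jail_missing_libs "$1"
fi
```

The permission check reads the mode string instead of using `test -x`, so it gives the same answer when run as root as it would for the unprivileged jailed user.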


