[scponly] sftp-server "No such file or directory"

Kaleb Pederson kaleb.pederson at gmail.com
Wed Feb 6 12:45:29 EST 2008 

Unfortunately, the strace logs don't really give me any extra information.

A few questions:

* What version of scponly are you running?  If not running the latest version,
  please upgrade let us know if thath helps.
* What are the permissions on scponlyc?
* Can you temporarily copy /bin/sh (and any required libraries) into the
  chroot and try to su to the user in question and execute
  /usr/lib/sftp-server?

Running in a vserver shouldn't affect anything, nor should the amd64 libs.  If 
none of the above helps and you happen to be running SELinux, you might try 
disabling the security restrictions.

--Kaleb



On Wednesday 06 February 2008, Dean Montgomery wrote:
> File system does not have noexec set.
>
> /home/dean/usr/lib/sftp-server
> * File permissions 755
> * Parent folder permissions 755
> * File/Folders owner root:root
>
>
> The kernel outside the vserver is:
> 2.6.18-3-vserver-amd64 #1 SMP Mon Dec 4 17:19:24 CET 2006 x86_64 GNU/Linux
>
> The inside the vserver is also running amd64 libs.
>
> Could it have something to do with being run in a vserver?
> Setting the shell to /usr/bin/scponly works but /usr/sbin/scponlyc does
> not.
>
> I've attached the 3 strace logs.
>
> On February 5, 2008, you wrote:
> > Dean,
> >
> > As it looks like the sftp-server exists at /usr/lib/sftp-server within
> > your chroot, make sure that the permissions allow it to be executed
> > and make sure that the filesystem isn't mounted 'noexec'.
> >
> > I can't think of anything else off the top of my head, so hopefully
> > that will solve it.  If not, post back with whatever additional
> > details you can provide.
> >
> > Thanks.
> >
> > --Kaleb
> >
> > On Feb 5, 2008 4:14 PM, Dean Montgomery <dmonty at sd73.bc.ca> wrote:
> > > I'm running debian etch on a vserver and I'm unable to get scponlyc
> > > working. The non-chroot scponly works fine.
> > >
> > >
> > > When I follow the FAQ page I get
> > > strace -o sftp.log -f -ff -p 2126
> > > grep "^exec" sftp.log*
> > > sftp.log.2193:execve("/usr/sbin/scponlyc",
> > > ["scponlyc", "-c", "/usr/lib/openssh/sftp-server"], [/* 9 vars */]) = 0
> > > sftp.log.2193:execve("/usr/lib/sftp-server", ["/usr/lib/sftp-server"],
> > > [/* 2 vars */]) = -1 ENOENT (No such file or directory)
> > >
> > > if you want I'll send a full copy of sftp.log.2193.
> > >
> > > In /var/log/auth.log I see:
> > > =========================
> > > Feb  5 11:23:09 vsbaseweb sshd[2126]: Accepted password for dean from
> > > 192.168.2.2 port 54386 ssh2
> > > Feb  5 11:23:09 vsbaseweb sshd[2192]: (pam_unix) session opened for
> > > user dean by (uid=0)
> > > Feb  5 11:23:09 vsbaseweb sshd[2192]: subsystem request for sftp
> > > Feb  5 11:23:09 vsbaseweb scponly[2193]: chrooted binary in place, will
> > > chroot()
> > > Feb  5 11:23:09 vsbaseweb scponly[2193]: 3 arguments in total.
> > > Feb  5 11:23:09 vsbaseweb scponly[2193]: ^Iarg 0 is scponlyc
> > > Feb  5 11:23:09 vsbaseweb scponly[2193]: ^Iarg 1 is -c
> > > Feb  5 11:23:09 vsbaseweb scponly[2193]: ^Iarg 2
> > > is /usr/lib/openssh/sftp-server
> > > Feb  5 11:23:09 vsbaseweb scponly[2193]: opened log at LOG_AUTHPRIV,
> > > opts 0x00000029
> > > Feb  5 11:23:09 vsbaseweb scponly[2193]: retrieved home directory
> > > of "/home/dean" for user "dean"
> > > Feb  5 11:23:09 vsbaseweb scponly[2193]: chrooting to dir: "/home/dean"
> > > Feb  5 11:23:09 vsbaseweb scponly[2193]: chdiring to dir: "/"
> > > Feb  5 11:23:09 vsbaseweb scponly[2193]: chdiring to dir: "/"
> > > Feb  5 11:23:09 vsbaseweb scponly[2193]: setting uid to 1022
> > > Feb  5 11:23:09 vsbaseweb scponly[2193]: processing
> > > request: "/usr/lib/openssh/sftp-server"
> > > Feb  5 11:23:09 vsbaseweb scponly[2193]: Found "HOME" and setting it
> > > to "/home/dean"
> > > Feb  5 11:23:09 vsbaseweb scponly[2193]: Environment
> > > contains "HOME=/home/dean"
> > > Feb  5 11:23:09 vsbaseweb scponly[2193]: set HOME environment variable
> > > to / username: dean(1022), IP/port: 192.168.2.2 54386 22
> > > Feb  5 11:23:09 vsbaseweb scponly[2193]: running: /usr/lib/sftp-server
> > > (username: dean(1022), IP/port: 192.168.2.2 54386 22)
> > > Feb  5 11:23:09 vsbaseweb scponly[2193]: failed: /usr/lib/sftp-server
> > > with error No such file or directory(2) (username: dean(1022), IP/port:
> > > 192.168.2.2
> > > 54386 22)
> > > =========================
> > >
> > > My chroot looks like:
> > > |-- bin
> > > |
> > > |   |-- chgrp
> > > |   |-- chmod
> > > |   |-- chown
> > > |   |-- echo
> > > |   |-- ln
> > > |   |-- ls
> > > |   |-- mkdir
> > > |   |-- mv
> > > |   |-- pwd
> > > |   |-- rm
> > > |   |-- rmdir
> > > |
> > > |   `-- scp
> > > |-- dev
> > > |   `-- null
> > > |-- etc
> > > |   `-- passwd
> > > |-- incoming
> > > |-- lib
> > > |
> > > |   |-- ld-linux.so.2
> > > |   |-- libacl.so.1
> > > |   |-- libattr.so.1
> > > |   |-- libc.so.6
> > > |   |-- libcom_err.so.2
> > > |   |-- libcrypt.so.1
> > > |   |-- libdl.so.2
> > > |   |-- libnsl.so.1
> > > |   |-- libnss_compat-2.3.6.so
> > > |   |-- libnss_compat.so.2
> > > |   |-- libpam.so.0
> > > |   |-- libpam_misc.so.0
> > > |   |-- libpopt.so.0
> > > |   |-- libpthread.so.0
> > > |   |-- libresolv.so.2
> > > |   |-- librt.so.1
> > > |   |-- libselinux.so.1
> > > |   |-- libsepol.so.1
> > > |
> > > |   `-- libutil.so.1
> > > |-- usr
> > > |
> > > |   |-- bin
> > > |   |
> > > |   |   |-- groups
> > > |   |   |-- id
> > > |   |   |-- passwd
> > > |   |   |-- rsync
> > > |   |
> > > |   |   `-- scp
> > > |
> > > |   `-- lib
> > > |
> > > |       |-- libcrypto.so.0.9.8
> > > |       |-- libgssapi_krb5.so.2
> > > |       |-- libk5crypto.so.3
> > > |       |-- libkrb5.so.3
> > > |       |-- libkrb5support.so.0
> > > |       |-- libz.so.1
> > > |       |-- openssh
> > > |       |   `-- sftp-server
> > > |
> > > |       `-- sftp-server
> > >
> > > _______________________________________________
> > > scponly mailing list
> > > scponly at lists.ccs.neu.edu
> > > https://lists.ccs.neu.edu/bin/listinfo/scponly

More information about the scponly mailing list