[scponly] How can i install SCPONLY 4.8 on 64-Bit System?
Dave Miller
justdave at mozilla.com
Wed Feb 27 10:29:36 EST 2008
Newsletter wrote on 2/27/08 9:17 AM:
> I believed that scponly is a finished solution to access scp/sftp jails.
>
>
> I found nothing in the documentation about "create your own jail-script".
>
> " Try making your jail manually first and then script it yourself." ->
> That´s it why i
> want to use scponly. I didn´t want to make my own script.
>
> Did I misunderstand something there?
Yes. It's capable of and suggested to operate in a jail, but because of
distribution and OS differences and differences in library versions, no
single script can set up a proper jail for everyone. scponly (or
specifically scponlyc) will operate in a jail if you create one for it,
but you have to create it yourself. The included script is an example
of how to do it, but it's incomplete, probably intended for an older
version of whatever distribution of Linux the author was using at the time.
Personally, I recommend using a package like jailkit
(http://olivier.sessink.nl/jailkit/) to set up your jail. It has a few
categories already set up for common services, in addition to doing
automatic library resolving so you get all the prerequisite libraries
inside your jail. Jailkit already has section definitions for scp,
sftp, and rsync. Here's the section from jk_init.ini that I use for my
scp jail that ties those together and adds the other stuff that makes
scponly be useful:
[scponly]
comment = jail requirements for scponly shell
includesections = scp, sftp, rsync
executables = /bin/chgrp, /bin/chmod, /bin/chown, /bin/cp, /bin/ln,
/bin/ls, /bin/mkdir, /bin/mv, /bin/rm, /bin/rmdir
As was mentioned above, every distribution is different, so it's best to
double-check all of the referenced sections in the config to make sure
they're pulling things from the right paths and so forth. The above
config is specific to Fedora 7 using the jailkit RPM from the rpmforge
repository.
--
Dave Miller http://www.justdave.net/
System Administrator, Mozilla Corporation http://www.mozilla.com/
Project Leader, Bugzilla Bug Tracking System http://www.bugzilla.org/
More information about the scponly
mailing list