[scponly] commandline works, winscp not

scponly at bischof.homelinux.net scponly at bischof.homelinux.net
Tue Sep 30 14:54:20 EDT 2008


Hi Kaleb,

Kaleb Pederson wrote:
> On Tuesday 30 September 2008, scponly at bischof.homelinux.net wrote:
>> Dear all,
>>
>> I've some problems with my scponlyc, which I cannot solve by myself
>> after some hours of trying. If I do scp via commandline, everything
>> works fine:
>>
> [...snip...]
> 
>> But if I use WinSCP, which I need for some friend of mine, I get errors
>> that the user is not allowed to execute /bin/pwd and such:
> [...snip...]
> 
>> Sep 30 14:56:26 linux scponly[18402]: processing request: "pwd"
>> Sep 30 14:56:26 linux scponly[18402]: running: /bin/pwd (username:
>> rolli(1005), IP/port: 127.0.0.1 38632 22)
>> Sep 30 14:56:28 linux scponly[18402]: processing request: "pwd"
>> Sep 30 14:56:28 linux scponly[18402]: running: /bin/pwd (username:
>> rolli(1005), IP/port: 127.0.0.1 38632 22)
> 
> It looks like everything works fine.  Where do you get the error message?  
> Is /bin/pwd really in the chroot?
> 
> Please let us know.

It's really weird. Here are some listings to look at permissions:


*** chroot:
root at linux:/opt/mp3# la
...
drwxr-xr-x   9 root   musiktausch 4,0K  4. Jul 2007  sync

*** inside the chroot:
root at linux:/opt/mp3/sync# la
insgesamt 44K
drwxr-xr-x 9 root  musiktausch 4,0K  4. Jul 2007  .
drwxr-xr-x 7 root  root        4,0K 16. Sep 16:19 ..
drwxr-xr-x 2 root  musiktausch 4,0K 30. Sep 11:35 bin
drwxr-xr-x 2 root  root        4,0K  4. Jul 2007  dev
drwxr-xr-x 2 root  staff       4,0K 30. Sep 12:28 etc
drwxr-xr-x 3 root  staff       4,0K  4. Jul 2007  lib
drwxrwxr-x 3 rolli musiktausch 4,0K 30. Sep 14:54 musiktausch
drwxr-xr-x 2 rolli root        4,0K  4. Jul 2007  public_html
drwxr-xr-x 7 root  staff       4,0K  4. Jul 2007  usr

*** inside bin:
root at linux:/opt/mp3/sync/bin# la
insgesamt 404K
drwxr-xr-x 2 root musiktausch 4,0K 30. Sep 11:35 .
drwxr-xr-x 9 root musiktausch 4,0K  4. Jul 2007  ..
-rwxr-xr-x 1 root musiktausch  33K  4. Jul 2007  chgrp
-rwxr-xr-x 1 root musiktausch  30K  4. Jul 2007  chmod
-rwxr-xr-x 1 root musiktausch  35K  4. Jul 2007  chown
-rwxr-xr-x 1 root musiktausch  15K  4. Jul 2007  echo
-rwxr-xr-x 1 root musiktausch 6,4K 30. Sep 14:47 groups
-rwxr-xr-x 1 root musiktausch  23K  4. Jul 2007  ln
-rwxr-xr-x 1 root musiktausch  76K  4. Jul 2007  ls
-rwxr-xr-x 1 root musiktausch  22K  4. Jul 2007  mkdir
-rwxr-xr-x 1 root musiktausch  62K  4. Jul 2007  mv
-rwxr-xr-x 1 root musiktausch  15K  4. Jul 2007  pwd
-rwxr-xr-x 1 root musiktausch  34K  4. Jul 2007  rm
-rwxr-xr-x 1 root musiktausch  14K  4. Jul 2007  rmdir

You see, /bin/pwd is there. I set the group to "musiktausch" and even 
tried it differently, as I thought I might have accidentally changed 
permissions while working on my mp3 archive.

By the way, this is about the scponly user rolli:
root at linux:/# grep rolli /etc/passwd
rolli:x:1005:1005::/opt/mp3/sync//musiktausch:/usr/sbin/scponlyc

root at linux:/# grep rolli /etc/group
musiktausch:x:1006:frisco,rolli
rolli:x:1005:

What should /etc/passwd and group look like inside the chroot? You can 
see above that rolli has uid 1005 inside the chroot - should it be the 
same in the passwd in the chroot?

On the other hand, scp with rolli works - I simply don't understand.

In winscp (tried 3.7.5 and the actual 4.s.th.) I tried scp and even 
sftp. The debug of scp is shown above, sftp leads to a memory error in 
winscp.

ssh is:
openssh-client            1:5.1p1-2
openssh-server            1:5.1p1-2
ssh                       1:5.1p1-2

Any more clues?

Cheers, Frisco


