[scponly] Extra characters in rsync arguments of scponly
Kaleb Pederson
kaleb.pederson at gmail.com
Wed Oct 7 10:41:16 EDT 2009
On Wednesday 07 October 2009 04:33:37 am Jérôme wrote:
> The same command line works for the "old" client1 and not for "client2".
> The very same command line ! Here is the auth.log, there is an extra
> ".is" that appeared, I do not know what it is. the rsync options of my
> command line are : "-avx --delete -e ssh -C --bwlimit=90 -F
> --exclude=.corbeille"
>
> *** auth.log ***
> Oct 5 16:46:10 verdi scponly[76594]: option 'e' or a related long
> option is not permitted for use with /usr/local/bin/rsync (arg was .is)
> (username: client2(3401), IP/port: 194.206.162.246 54917 22))
> Oct 5 16:46:10 verdi scponly[76594]: requested command
> (/usr/local/bin/rsync --server -vlogDtprCxe.is --bwlimit=90 --delete .
> sauvegardes/datas) tried to use disallowed argument (username:
> client2(3401), IP/port: 194.206.162.246 54917 22))
> Oct 5 16:46:37 verdi scponly[76627]: running: /usr/local/bin/rsync
> --server -vlogDtprCx --bwlimit=90 --delete . /sauvegardes (username:
> client1(3700), IP/port: 83.167.146.182 46600 22)
>
> *** temporary resolution ***
>
> I solved it temporarily using "--protocol=29" in the command line, to
> have the same behaviour than with the 4.6 version of scponly
Thanks for posting a workaround. This bug has been fixed for a long time in the CVS version of scponly. I'd recommend you try the current CVS version.
> *** 2nd bug ***
>
> I created a chroot environment, that really is executed and works (if I
> do not copy the version of rsync, I get an error message about rsync
> missing), my shell for the two users is /usr/local/sbin/scponlyc, but
> when I connect in sftp... I can get the whole root of the server !
Can you show me 'getent passwd' for the two users in question. There shell should be set to something like this:
/path/to/chroot//path/to/home
Note the double slash ('//') identifying where the chroot starts.
--Kaleb
More information about the scponly
mailing list