scponly chroot doesn't work FB6.2
Marcelo Maraboli
marcelo.maraboli at usm.cl
Mon May 7 21:16:06 UTC 2007
Hello
I can't seem to make scponly work with a chrooted jail. I've
read many articles on how FREEBSD's scripts on making jails
really don't work and a manual mknod of $jail/dev/null must
be done, but it still doesn't work...
I'd appreciate any help
thanks
--------------
DEBUG INFO:
1.- scponly built as:
cd /usr/ports/shells/scponly/
make -DWITH_SCPONLY_RSYNC -DWITH_SCPONLY_SFTP_LOGGING -DWITH_SCPONLY_WINSCP -DWITH_SCPONLY_CHROOT -DWITH_SCPONLY_SCP
make install
2.- dcsc user is defined as:
dcsc:*:2008:160:WWW Admin DCSC:/disk2/chroot//home/dcsc:/usr/local/sbin/scponlyc
3.- This is what I get AFTER making "/dev/null" and setting
it to 666 chmod.
root at longavi:/usr/local/etc/scponly$ scp debuglevel dcsc at longavi.dcsc.utfsm.cl:fo
Password:
scponly[65605]: chrooted binary in place, will chroot()
scponly[65605]: 3 arguments in total.
scponly[65605]: arg 0 is scponlyc
scponly[65605]: arg 1 is -c
scponly[65605]: arg 2 is scp -t fo
scponly[65605]: opened log at LOG_AUTHPRIV, opts 0x00000029
scponly[65605]: retrieved home directory of "/disk2/chroot//home/dcsc" for user "dcsc"
scponly[65605]: chrooting to dir: "/disk2/chroot"
scponly[65605]: chdiring to dir: "/home/dcsc"
scponly[65605]: setting uid to 2008
scponly[65605]: processing request: "scp -t fo"
scponly[65605]: Unable to find "LOG_SFTP" in the environment
scponly[65605]: Found "USER" and setting it to "dcsc"
scponly[65605]: Unable to find "SFTP_UMASK" in the environment
scponly[65605]: Unable to find "SFTP_PERMIT_CHMOD" in the environment
scponly[65605]: Unable to find "SFTP_PERMIT_CHOWN" in the environment
scponly[65605]: Unable to find "SFTP_LOG_LEVEL" in the environment
scponly[65605]: Unable to find "SFTP_LOG_FACILITY" in the environment
scponly[65605]: Environment contains "USER=dcsc"
scponly[65605]: running: /usr/bin/scp -t fo (username: dcsc(2008), IP/port: 200.1.21.103 57465 22)
Couldn't open /dev/null: Operation not supportedlost connection
4.- chrooted tree:
root at longavi:/disk2/chroot$ ls -lasR
total 18
2 drwxr-xr-x 9 root wheel 512 May 7 16:15 ./
2 drwxr-xr-x 6 root wheel 512 May 7 15:56 ../
2 drwxr-xr-x 2 root wheel 512 May 7 15:57 bin/
2 drwxr-xr-x 2 root wheel 512 May 7 16:34 dev/
2 drwxr-xr-x 2 root wheel 512 May 7 15:57 etc/
2 drwxr-xr-x 3 root wheel 512 May 7 15:58 home/
2 drwxr-xr-x 2 root wheel 512 May 7 16:42 lib/
2 drwxr-xr-x 2 root wheel 512 May 7 15:57 libexec/
2 drwxr-xr-x 7 root wheel 512 May 7 15:57 usr/
./bin:
total 82
2 drwxr-xr-x 2 root wheel 512 May 7 15:57 ./
2 drwxr-xr-x 9 root wheel 512 May 7 16:15 ../
6 -rwxr-xr-x 1 root wheel 5808 May 7 15:57 chmod*
4 -rwxr-xr-x 1 root wheel 3848 May 7 15:57 echo*
8 -rwxr-xr-x 1 root wheel 6336 May 7 15:57 ln*
24 -rwxr-xr-x 1 root wheel 23444 May 7 15:57 ls*
6 -rwxr-xr-x 1 root wheel 5068 May 7 15:57 mkdir*
10 -rwxr-xr-x 1 root wheel 9192 May 7 15:57 mv*
4 -rwxr-xr-x 1 root wheel 3932 May 7 15:57 pwd*
12 -rwxr-xr-x 1 root wheel 10640 May 7 15:57 rm*
4 -rwxr-xr-x 1 root wheel 3996 May 7 15:57 rmdir*
./dev:
total 4
2 drwxr-xr-x 2 root wheel 512 May 7 16:34 ./
2 drwxr-xr-x 9 root wheel 512 May 7 16:15 ../
0 crw-rw-rw- 1 root wheel 2, 2 May 7 16:34 null
0 crw-rw-rw- 1 root wheel 0, 12 May 7 16:16 random
0 lrwxr-xr-x 1 root wheel 6 May 7 16:16 urandom@ -> random
0 crw-rw-rw- 1 root wheel 0, 7 May 7 16:16 zero
./etc:
total 44
2 drwxr-xr-x 2 root wheel 512 May 7 15:57 ./
2 drwxr-xr-x 9 root wheel 512 May 7 16:15 ../
40 -rw-r--r-- 1 root wheel 40960 May 7 15:57 pwd.db
./home:
total 6
2 drwxr-xr-x 3 root wheel 512 May 7 15:58 ./
2 drwxr-xr-x 9 root wheel 512 May 7 16:15 ../
2 drwxr-xr-x 2 dcsc wwwext 512 May 7 16:01 dcsc/
./home/dcsc:
total 20
2 drwxr-xr-x 2 dcsc wwwext 512 May 7 16:01 ./
2 drwxr-xr-x 3 root wheel 512 May 7 15:58 ../
2 -rw-r--r-- 1 dcsc wwwext 767 May 7 16:01 .cshrc
2 -rw-r--r-- 1 dcsc wwwext 248 May 7 16:01 .login
2 -rw-r--r-- 1 dcsc wwwext 158 May 7 16:01 .login_conf
2 -rw------- 1 dcsc wwwext 373 May 7 16:01 .mail_aliases
2 -rw-r--r-- 1 dcsc wwwext 331 May 7 16:01 .mailrc
2 -rw-r--r-- 1 dcsc wwwext 797 May 7 16:01 .profile
2 -rw------- 1 dcsc wwwext 276 May 7 16:01 .rhosts
2 -rw-r--r-- 1 dcsc wwwext 975 May 7 16:01 .shrc
./lib:
total 3094
2 drwxr-xr-x 2 root wheel 512 May 7 16:42 ./
2 drwxr-xr-x 9 root wheel 512 May 7 16:15 ../
132 -r--r--r-- 1 root wheel 134060 May 7 16:38 libasn1.so.8
928 -rwxr-xr-x 1 root wheel 922668 May 7 15:57 libc.so.6*
6 -r--r--r-- 1 root wheel 5544 May 7 16:38 libcom_err.so.3
30 -rwxr-xr-x 1 root wheel 28680 May 7 15:57 libcrypt.so.3*
992 -rwxr-xr-x 1 root wheel 996688 May 7 15:57 libcrypto.so.4*
54 -r--r--r-- 1 root wheel 53556 May 7 16:37 libgssapi.so.8
240 -r--r--r-- 1 root wheel 216484 May 7 16:37 libkrb5.so.8
54 -rwxr-xr-x 1 root wheel 55160 May 7 15:57 libmd.so.3*
272 -rwxr-xr-x 1 root wheel 256748 May 7 15:57 libncurses.so.6*
50 -r--r--r-- 1 root wheel 49268 May 7 16:38 libroken.so.8
224 -r--r--r-- 1 root wheel 208860 May 7 16:37 libssh.so.3
44 -rwxr-xr-x 1 root wheel 43572 May 7 15:57 libutil.so.5*
64 -rwxr-xr-x 1 root wheel 64284 May 7 15:57 libz.so.3*
./libexec:
total 160
2 drwxr-xr-x 2 root wheel 512 May 7 15:57 ./
2 drwxr-xr-x 9 root wheel 512 May 7 16:15 ../
156 -rwxr-xr-x 1 root wheel 158712 May 7 15:57 ld-elf.so.1*
./usr:
total 14
2 drwxr-xr-x 7 root wheel 512 May 7 15:57 ./
2 drwxr-xr-x 9 root wheel 512 May 7 16:15 ../
2 drwxr-xr-x 2 root wheel 512 May 7 15:57 bin/
2 drwxr-xr-x 2 root wheel 512 May 7 16:42 lib/
2 drwxr-xr-x 2 root wheel 512 May 7 16:41 libexec/
2 drwxr-xr-x 3 root wheel 512 May 7 15:57 local/
2 drwxr-xr-x 2 root wheel 512 May 7 15:57 sbin/
./usr/bin:
total 54
2 drwxr-xr-x 2 root wheel 512 May 7 15:57 ./
2 drwxr-xr-x 7 root wheel 512 May 7 15:57 ../
8 -rwxr-xr-x 1 root wheel 6688 May 7 15:57 chgrp*
10 -rwxr-xr-x 1 root wheel 8212 May 7 15:57 groups*
10 -rwxr-xr-x 1 root wheel 8212 May 7 15:57 id*
22 -rwxr-xr-x 1 root wheel 22392 May 7 15:57 scp*
./usr/lib:
total 64
2 drwxr-xr-x 2 root wheel 512 May 7 16:42 ./
2 drwxr-xr-x 7 root wheel 512 May 7 15:57 ../
60 -rwxr-xr-x 1 root wheel 59448 May 7 15:57 libbsm.so.1*
./usr/libexec:
total 182
2 drwxr-xr-x 2 root wheel 512 May 7 16:41 ./
2 drwxr-xr-x 7 root wheel 512 May 7 15:57 ../
156 -rwxr-xr-x 1 root wheel 158712 May 7 15:57 ld-elf.so.1*
22 -rwxr-xr-x 1 root wheel 22012 May 7 15:57 sftp-server*
./usr/local:
total 6
2 drwxr-xr-x 3 root wheel 512 May 7 15:57 ./
2 drwxr-xr-x 7 root wheel 512 May 7 15:57 ../
2 drwxr-xr-x 2 root wheel 512 May 7 15:57 bin/
./usr/local/bin:
total 276
2 drwxr-xr-x 2 root wheel 512 May 7 15:57 ./
2 drwxr-xr-x 3 root wheel 512 May 7 15:57 ../
272 -rwxr-xr-x 1 root wheel 261376 May 7 15:57 rsync*
./usr/sbin:
total 12
2 drwxr-xr-x 2 root wheel 512 May 7 15:57 ./
2 drwxr-xr-x 7 root wheel 512 May 7 15:57 ../
8 -rwxr-xr-x 1 root wheel 6688 May 7 15:57 chown*
--
MSc. Marcelo Maraboli Rosselott
Jefe Area de Redes y Comunicaciones (Network & UNIX Systems Engineer)
Ingeniero Civil Electronico, CISSP (MSc., Electronic Engineer, CISSP)
Direccion Central de Servicios Computacionales (DCSC)
Universidad Tecnica Federico Santa Maria phone: +56 32 2654071
Chile. http://www.usm.cl http://elqui.dcsc.utfsm.cl
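
Added example (not part of the original post, and not scponly's code): FreeBSD's mknod(8) notes that, as of 6.0, device nodes created on a regular file system cannot be used to access devices, which matches the "Operation not supported" error above, so a usable /dev inside the chroot has to be a devfs mount. This sketch derives the chroot directory from the posted passwd entry the way the debug log shows and checks `mount -p` style output for a devfs mount at that path; the function names and both mount tables are constructed assumptions.

```sh
#!/bin/sh
# Added example: audit helper, not scponly code and not from the original post.

# Chroot directory of an scponly home: the text before the "//" marker,
# matching the "chrooting to dir" line in the debug log.
jail_root() {
    case "$1" in
        *//*) printf '%s\n' "${1%%//*}" ;;
        *)    return 1 ;;            # no "//": nothing to chroot into
    esac
}

# Read fstab-format mount output (FreeBSD "mount -p") on stdin and succeed
# only if <jail>/dev is itself a devfs mount.
dev_is_devfs() {
    awk -v want="$1/dev" '$2 == want && $3 == "devfs" { ok = 1 }
                          END { exit !ok }'
}

# audit_account PASSWD_LINE MOUNT_TABLE: one-line verdict on stdout.
audit_account() {
    home=$(printf '%s\n' "$1" | cut -d: -f6)   # field 6 = home directory
    root=$(jail_root "$home") || { echo "not chrooted"; return 0; }
    if printf '%s\n' "$2" | dev_is_devfs "$root"; then
        echo "ok: $root/dev is devfs"
    else
        echo "broken: $root/dev is not a devfs mount"
    fi
}

# passwd entry as posted above; mount tables are constructed samples.
SAMPLE_PASSWD='dcsc:*:2008:160:WWW Admin DCSC:/disk2/chroot//home/dcsc:/usr/local/sbin/scponlyc'
MOUNTS_MKNOD='/dev/ad0s1a / ufs rw 1 1
devfs /dev devfs rw 0 0
/dev/ad0s1e /disk2 ufs rw 2 2'
MOUNTS_DEVFS="$MOUNTS_MKNOD
devfs /disk2/chroot/dev devfs rw 0 0"

audit_account "$SAMPLE_PASSWD" "$MOUNTS_MKNOD"   # mknod-only jail
audit_account "$SAMPLE_PASSWD" "$MOUNTS_DEVFS"   # after mounting devfs
```

On the real host, pass the output of `mount -p` as the second argument; the corresponding fix is `mount -t devfs devfs /disk2/chroot/dev`, with a devfs(8) ruleset applied to that mount so the chroot exposes only the nodes it needs (null, zero, random).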