From: Marcelo Maraboli
To: freebsd-questions@freebsd.org
Date: Mon, 07 May 2007 17:05:30 -0400
Subject: scponly chroot doesn't work FB6.2
Message-ID: <463F949A.4060601@usm.cl>

Hello

I can't seem to make scponly work with a chrooted jail.

I've read many articles on how FREEBSD's scripts on making jails really don't work and a manual mknod of $jail/dev/null must be done, but it still doesn't work...

I'd appreciate any help

thanks

--------------
DEBUG INFO:

1.- scponly built as:

cd /usr/ports/shells/scponly/
make -DWITH_SCPONLY_RSYNC -DWITH_SCPONLY_SFTP_LOGGING -DWITH_SCPONLY_WINSCP -DWITH_SCPONLY_CHROOT -DWITH_SCPONLY_SCP
make install

2.- dcsc user is defined as:

dcsc:*:2008:160:WWW Admin DCSC:/disk2/chroot//home/dcsc:/usr/local/sbin/scponlyc

3.- This is what I get AFTER making "/dev/null" and setting it to 666 chmod.

root@longavi:/usr/local/etc/scponly$ scp debuglevel dcsc@longavi.dcsc.utfsm.cl:fo
Password:
scponly[65605]: chrooted binary in place, will chroot()
scponly[65605]: 3 arguments in total.
scponly[65605]: arg 0 is scponlyc
scponly[65605]: arg 1 is -c
scponly[65605]: arg 2 is scp -t fo
scponly[65605]: opened log at LOG_AUTHPRIV, opts 0x00000029
scponly[65605]: retrieved home directory of "/disk2/chroot//home/dcsc" for user "dcsc"
scponly[65605]: chrooting to dir: "/disk2/chroot"
scponly[65605]: chdiring to dir: "/home/dcsc"
scponly[65605]: setting uid to 2008
scponly[65605]: processing request: "scp -t fo"
scponly[65605]: Unable to find "LOG_SFTP" in the environment
scponly[65605]: Found "USER" and setting it to "dcsc"
scponly[65605]: Unable to find "SFTP_UMASK" in the environment
scponly[65605]: Unable to find "SFTP_PERMIT_CHMOD" in the environment
scponly[65605]: Unable to find "SFTP_PERMIT_CHOWN" in the environment
scponly[65605]: Unable to find "SFTP_LOG_LEVEL" in the environment
scponly[65605]: Unable to find "SFTP_LOG_FACILITY" in the environment
scponly[65605]: Environment contains "USER=dcsc"
scponly[65605]: running: /usr/bin/scp -t fo (username: dcsc(2008), IP/port: 200.1.21.103 57465 22)
Couldn't open /dev/null: Operation not supported
lost connection

4.- chrooted tree:

root@longavi:/disk2/chroot$ ls -lasR
total 18
2 drwxr-xr-x  9 root  wheel  512 May  7 16:15 ./
2 drwxr-xr-x  6 root  wheel  512 May  7 15:56 ../
2 drwxr-xr-x  2 root  wheel  512 May  7 15:57 bin/
2 drwxr-xr-x  2 root  wheel  512 May  7 16:34 dev/
2 drwxr-xr-x  2 root  wheel  512 May  7 15:57 etc/
2 drwxr-xr-x  3 root  wheel  512 May  7 15:58 home/
2 drwxr-xr-x  2 root  wheel  512 May  7 16:42 lib/
2 drwxr-xr-x  2 root  wheel  512 May  7 15:57 libexec/
2 drwxr-xr-x  7 root  wheel  512 May  7 15:57 usr/

./bin:
total 82
 2 drwxr-xr-x  2 root  wheel    512 May  7 15:57 ./
 2 drwxr-xr-x  9 root  wheel    512 May  7 16:15 ../
 6 -rwxr-xr-x  1 root  wheel   5808 May  7 15:57 chmod*
 4 -rwxr-xr-x  1 root  wheel   3848 May  7 15:57 echo*
 8 -rwxr-xr-x  1 root  wheel   6336 May  7 15:57 ln*
24 -rwxr-xr-x  1 root  wheel  23444 May  7 15:57 ls*
 6 -rwxr-xr-x  1 root  wheel   5068 May  7 15:57 mkdir*
10 -rwxr-xr-x  1 root  wheel   9192 May  7 15:57 mv*
 4 -rwxr-xr-x  1 root  wheel   3932 May  7 15:57 pwd*
12 -rwxr-xr-x  1 root  wheel  10640 May  7 15:57 rm*
 4 -rwxr-xr-x  1 root  wheel   3996 May  7 15:57 rmdir*

./dev:
total 4
2 drwxr-xr-x  2 root  wheel     512 May  7 16:34 ./
2 drwxr-xr-x  9 root  wheel     512 May  7 16:15 ../
0 crw-rw-rw-  1 root  wheel    2, 2 May  7 16:34 null
0 crw-rw-rw-  1 root  wheel   0, 12 May  7 16:16 random
0 lrwxr-xr-x  1 root  wheel       6 May  7 16:16 urandom@ -> random
0 crw-rw-rw-  1 root  wheel    0, 7 May  7 16:16 zero

./etc:
total 44
 2 drwxr-xr-x  2 root  wheel    512 May  7 15:57 ./
 2 drwxr-xr-x  9 root  wheel    512 May  7 16:15 ../
40 -rw-r--r--  1 root  wheel  40960 May  7 15:57 pwd.db

./home:
total 6
2 drwxr-xr-x  3 root  wheel   512 May  7 15:58 ./
2 drwxr-xr-x  9 root  wheel   512 May  7 16:15 ../
2 drwxr-xr-x  2 dcsc  wwwext  512 May  7 16:01 dcsc/

./home/dcsc:
total 20
2 drwxr-xr-x  2 dcsc  wwwext  512 May  7 16:01 ./
2 drwxr-xr-x  3 root  wheel   512 May  7 15:58 ../
2 -rw-r--r--  1 dcsc  wwwext  767 May  7 16:01 .cshrc
2 -rw-r--r--  1 dcsc  wwwext  248 May  7 16:01 .login
2 -rw-r--r--  1 dcsc  wwwext  158 May  7 16:01 .login_conf
2 -rw-------  1 dcsc  wwwext  373 May  7 16:01 .mail_aliases
2 -rw-r--r--  1 dcsc  wwwext  331 May  7 16:01 .mailrc
2 -rw-r--r--  1 dcsc  wwwext  797 May  7 16:01 .profile
2 -rw-------  1 dcsc  wwwext  276 May  7 16:01 .rhosts
2 -rw-r--r--  1 dcsc  wwwext  975 May  7 16:01 .shrc

./lib:
total 3094
  2 drwxr-xr-x  2 root  wheel     512 May  7 16:42 ./
  2 drwxr-xr-x  9 root  wheel     512 May  7 16:15 ../
132 -r--r--r--  1 root  wheel  134060 May  7 16:38 libasn1.so.8
928 -rwxr-xr-x  1 root  wheel  922668 May  7 15:57 libc.so.6*
  6 -r--r--r--  1 root  wheel    5544 May  7 16:38 libcom_err.so.3
 30 -rwxr-xr-x  1 root  wheel   28680 May  7 15:57 libcrypt.so.3*
992 -rwxr-xr-x  1 root  wheel  996688 May  7 15:57 libcrypto.so.4*
 54 -r--r--r--  1 root  wheel   53556 May  7 16:37 libgssapi.so.8
240 -r--r--r--  1 root  wheel  216484 May  7 16:37 libkrb5.so.8
 54 -rwxr-xr-x  1 root  wheel   55160 May  7 15:57 libmd.so.3*
272 -rwxr-xr-x  1 root  wheel  256748 May  7 15:57 libncurses.so.6*
 50 -r--r--r--  1 root  wheel   49268 May  7 16:38 libroken.so.8
224 -r--r--r--  1 root  wheel  208860 May  7 16:37 libssh.so.3
 44 -rwxr-xr-x  1 root  wheel   43572 May  7 15:57 libutil.so.5*
 64 -rwxr-xr-x  1 root  wheel   64284 May  7 15:57 libz.so.3*

./libexec:
total 160
  2 drwxr-xr-x  2 root  wheel     512 May  7 15:57 ./
  2 drwxr-xr-x  9 root  wheel     512 May  7 16:15 ../
156 -rwxr-xr-x  1 root  wheel  158712 May  7 15:57 ld-elf.so.1*

./usr:
total 14
2 drwxr-xr-x  7 root  wheel  512 May  7 15:57 ./
2 drwxr-xr-x  9 root  wheel  512 May  7 16:15 ../
2 drwxr-xr-x  2 root  wheel  512 May  7 15:57 bin/
2 drwxr-xr-x  2 root  wheel  512 May  7 16:42 lib/
2 drwxr-xr-x  2 root  wheel  512 May  7 16:41 libexec/
2 drwxr-xr-x  3 root  wheel  512 May  7 15:57 local/
2 drwxr-xr-x  2 root  wheel  512 May  7 15:57 sbin/

./usr/bin:
total 54
 2 drwxr-xr-x  2 root  wheel    512 May  7 15:57 ./
 2 drwxr-xr-x  7 root  wheel    512 May  7 15:57 ../
 8 -rwxr-xr-x  1 root  wheel   6688 May  7 15:57 chgrp*
10 -rwxr-xr-x  1 root  wheel   8212 May  7 15:57 groups*
10 -rwxr-xr-x  1 root  wheel   8212 May  7 15:57 id*
22 -rwxr-xr-x  1 root  wheel  22392 May  7 15:57 scp*

./usr/lib:
total 64
 2 drwxr-xr-x  2 root  wheel    512 May  7 16:42 ./
 2 drwxr-xr-x  7 root  wheel    512 May  7 15:57 ../
60 -rwxr-xr-x  1 root  wheel  59448 May  7 15:57 libbsm.so.1*

./usr/libexec:
total 182
  2 drwxr-xr-x  2 root  wheel     512 May  7 16:41 ./
  2 drwxr-xr-x  7 root  wheel     512 May  7 15:57 ../
156 -rwxr-xr-x  1 root  wheel  158712 May  7 15:57 ld-elf.so.1*
 22 -rwxr-xr-x  1 root  wheel   22012 May  7 15:57 sftp-server*

./usr/local:
total 6
2 drwxr-xr-x  3 root  wheel  512 May  7 15:57 ./
2 drwxr-xr-x  7 root  wheel  512 May  7 15:57 ../
2 drwxr-xr-x  2 root  wheel  512 May  7 15:57 bin/

./usr/local/bin:
total 276
  2 drwxr-xr-x  2 root  wheel     512 May  7 15:57 ./
  2 drwxr-xr-x  3 root  wheel     512 May  7 15:57 ../
272 -rwxr-xr-x  1 root  wheel  261376 May  7 15:57 rsync*

./usr/sbin:
total 12
2 drwxr-xr-x  2 root  wheel   512 May  7 15:57 ./
2 drwxr-xr-x  7 root  wheel   512 May  7 15:57 ../
8 -rwxr-xr-x  1 root  wheel  6688 May  7 15:57 chown*

--
MSc. Marcelo Maraboli Rosselott
Jefe Area de Redes y Comunicaciones (Network & UNIX Systems Engineer)
Ingeniero Civil Electronico, CISSP (MSc., Electronic Engineer, CISSP)
Direccion Central de Servicios Computacionales (DCSC)
Universidad Tecnica Federico Santa Maria
phone: +56 32 2654071
Chile.
http://www.usm.cl
http://elqui.dcsc.utfsm.cl