The included /usr/local/share/examples/scponly/setup_chroot.sh is not complete on the creation of the chrooted environment for scp use. The script does not create the needed /dev/null in the chrooted environment. My suggestion is to add this to the script. See fix below.

Fix:

Insert on line 201 of /usr/local/share/examples/scponly/setup_chroot.sh

    mkdir $targetdir/dev
    touch $targetdir/dev/null
    chmod 0666 $targetdir/dev/null

To facilitate the .ssh directory for user, append:

    mkdir $targetdir/.ssh
    chmod 500 $targetdir/.ssh
    touch $targetdir/.ssh/authorized_keys
    chmod 444 $targetdir/.ssh/authorized_keys
    chown -R $targetuser:$targetuser $targetdir/.ssh

How-To-Repeat:

Every time you run setup_chroot.sh
Maintainer of shells/scponly, Please note that PR ports/144059 has just been submitted. If it contains a patch for an upgrade, an enhancement or a bug fix you agree on, reply to this email stating that you approve the patch and a committer will take care of it. The full text of the PR can be found at: http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/144059 -- Edwin Groothuis via the GNATS Auto Assign Tool edwin@FreeBSD.org
State Changed From-To: open->feedback Awaiting maintainers feedback (via the GNATS Auto Assign Tool)
Hi, I do not think you can just touch /dev/null like that and it will work. You need to actually mount a devfs. The rc.d script included with the port will do this for all users who have scponlyc set as their login shell - have you looked at using that? -- Rob Farmer
Hi, It works since FreeBSD 6.2. On all the systems and accounts I use this, I never had problems. Hope this feedback helps, Michael
I still think this is unnecessary because the rc.d script will handle it for you. Please try using that and see if that solves the problem. -- Rob Farmer
In my opinion the script creates an unnecessary dependency. It also leads to confusion and thoughts of erratic behaviour. People create a chrooted user but forget to rerun the rc.d/scponlyc and wonder why things don't work. You could also consider running /usr/local/etc/rc.d/scponlyc restart at the end of /usr/local/share/examples/scponly/setup_chroot.sh. Maybe it helps that my suggested patch is a frequently posted suggestion which works for scp. Hope this helps, Michael
How about changing the note saying to run /usr/local/share/examples/scponly/setup_chroot.sh? Something like:

To setup chroot cage, run following commands:
  1) cd ${EXAMPLESDIR}/ && ${SH} setup_chroot.sh
  2) Set scponlyc_enable="YES" in /etc/rc.conf
  3) Run ${LOCALBASE}/etc/rc.d/scponlyc start

I think that would make it more clear what to do and eliminate any confusion. I'm not really a fan of deleting the rc.d script because I think it is more correct to mount a devfs than to just touch an empty /dev/null file.

-- Rob Farmer
Here's a diff to change the message: http://www.predatorlabs.net/dl/patches/scponly-message.diff -- Rob Farmer
State Changed From-To: feedback->open Maintainer has provided a patch.
Responsible Changed From-To: freebsd-ports-bugs->stefan Take.
stefan 2010-06-28 13:47:20 UTC

FreeBSD ports repository

Modified files:
  shells/scponly Makefile
Log:
  Make notes for setting up a chroot cage a bit more precise.

  PR: 144059
  Submitted by: Michael Meelis <m.meelis@easybow.com>
  Patch by: Rob Farmer <rfarmer@predatorlabs.net> (maintainer)
  Feature safe: yes

Revision  Changes  Path
1.34      +4 -2    ports/shells/scponly/Makefile
State Changed From-To: open->closed Message update, thanks!
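
The thread turns on whether dev/null inside a cage is a device node from a mounted devfs or a regular file created with touch. The sh functions below are an added example, not part of the PR or the port: they report which of the two each scponlyc account's cage has, reading a passwd(5)-format file. The sample accounts, the /path/to/scponlyc placeholder and the treatment of "//" in the home directory are assumptions.

```sh
#!/bin/sh
# Added example, not part of the port: audit dev/null in scponlyc chroot cages.

# Print the state of $1/dev/null; return 0 only for a character device.
classify_devnull() {
    node="$1/dev/null"
    if [ -c "$node" ]; then echo chardev; return 0; fi
    if [ -f "$node" ]; then echo regular-file; return 1; fi
    if [ -e "$node" ]; then echo other; return 1; fi
    echo missing; return 1
}

# Read a passwd(5)-format file ($1) and print "<user> <state> <cage>" for each
# account whose shell is scponlyc. Returns 1 if any cage lacks a device node.
audit_cages() {
    rc=0
    while IFS=: read -r user pw uid gid gecos home shell; do
        case "$shell" in */scponlyc) ;; *) continue ;; esac
        cage=${home%%//*}  # assumption: "//" separates the cage from a subdirectory
        state=$(classify_devnull "$cage") || rc=1
        echo "$user $state $cage"
    done < "$1"
    return $rc
}

# Constructed demo: /path/to/scponlyc is a placeholder, the accounts are made up.
demo() {
    t=$(cd "$(mktemp -d)" && pwd -P) || return 1
    mkdir -p "$t/alice/dev" "$t/bob/dev"
    touch "$t/alice/dev/null"          # regular file, as in the proposed fix
    ln -s /dev/null "$t/bob/dev/null"  # stands in for a node from a mounted devfs
    printf '%s\n' \
        "alice:*:1001:1001:A:$t/alice//incoming:/path/to/scponlyc" \
        "bob:*:1002:1002:B:$t/bob:/path/to/scponlyc" \
        "carol:*:1003:1003:C:/home/carol:/bin/sh" > "$t/passwd"
    audit_cages "$t/passwd"; status=$?
    rm -rf "$t"
    return $status
}

demo || echo "at least one cage has no usable /dev/null"
```

A regular-file result means writes to dev/null in that cage are stored on disk instead of being discarded, which is the difference between the touch approach and a devfs mount.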