Bug 144059

Summary: shells/scponly: setup_chroot.sh patch
Product: Ports & Packages Reporter: Michael Meelis <m.meelis>
Component: Individual Port(s)Assignee: Stefan Walter <stefan>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Latest   
Hardware: Any   
OS: Any   

Description Michael Meelis 2010-02-18 13:00:09 UTC 
The included /usr/local/share/examples/scponly/setup_chroot.sh is not complete on the creation of the chrooted environment for scp use. The script does not created the needed /dev/null in the chrooted environment. My suggestion is to add this to the script. See fix below.

Fix: 

Insert on line 201 of /usr/local/share/examples/scponly/setup_chroot.sh

mkdir $targetdir/dev
touch $targetdir/dev/null
chmod 0666 $targetdir/dev/null


To facilitate the .ssh directory for user, append:
mkdir $targetdir/.ssh
chmod 500 $targetdir/.ssh
touch $targetdir/.ssh/authorized_keys
chmod 444 $targetdir/.ssh/authorized_keys
chown -R $targetuser:$targetuser $targetdir/.ssh
How-To-Repeat: everytime you run setup_chroot.sh
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2010-02-18 13:00:17 UTC 
Maintainer of shells/scponly,

Please note that PR ports/144059 has just been submitted.

If it contains a patch for an upgrade, an enhancement or a bug fix
you agree on, reply to this email stating that you approve the patch
and a committer will take care of it.

The full text of the PR can be found at:
    http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/144059

-- 
Edwin Groothuis via the GNATS Auto Assign Tool
edwin@FreeBSD.org
Comment 2 Edwin Groothuis freebsd_committer freebsd_triage 2010-02-18 13:00:19 UTC 
State Changed
From-To: open->feedback

Awaiting maintainers feedback (via the GNATS Auto Assign Tool)
Comment 3 Robert Farmer 2010-02-18 15:29:03 UTC 
Hi,

I do not think you can just touch /dev/null like that and it will
work. You need to actually mount a devfs. The rc.d script included
with the port will do this for all users who have scponlyc set as
their login shell - have you looked at using that?

-- 
Rob Farmer
Comment 4 Michael Meelis 2010-02-18 19:26:44 UTC 
Hi,

It works since freebsd 6.2. On all the systems and accounts I use
this, I never had problems.

Hope this feedback helps,
Michael
-------


--[END MSG#590, LastMD5# 7ab916b90f6f68041552a401aceadfa1]---
Comment 5 Robert Farmer 2010-02-19 03:59:06 UTC 
I still think this is unnecessary because the rc.d script will handle
it for you. Please try using that and see if that solves the problem.

-- 
Rob Farmer
Comment 6 Michael Meelis 2010-02-19 09:03:12 UTC 
In my opinion the script creates an unnecessary dependency. It also
leads to confusion and thoughts is erratic behaviour. People create a
chrooted user but forget to rerun the rc.d/scponlyc and wonder why
things don=92t work. You could also consider running /usr/local/etc/rc.
d/scponlyc restart at the end of /usr/local/share/examples/scponly/
setup_chroot.sh

Maybe it helps that my suggested patch a frequented posted suggestion
is with works for scp. 

Hope this helps,
Michael
-------


--[END MSG#1, LastMD5# -]---
Comment 7 Robert Farmer 2010-02-20 05:56:58 UTC 
How about changing the note saying to run
/usr/local/share/examples/scponly/setup_chroot.sh? Something like:

To setup chroot cage, run following commands:
1) cd ${EXAMPLESDIR}/ && ${SH} setup_chroot.sh
2) Set scponlyc_enable="YES" in /etc/rc.conf
3) Run ${LOCALBASE}/etc/rc.d/scponlyc start

I think that would make it more clear what to do and eliminate any
confusion. I'm not really a fan of deleting the rc.d script because I
think it is more correct to mount a devfs than to just touch an empty
/dev/null file.

-- 
Rob Farmer
Comment 8 Robert Farmer 2010-02-23 09:35:17 UTC 
Here's a diff to change the message:

http://www.predatorlabs.net/dl/patches/scponly-message.diff

-- 
Rob Farmer
Comment 9 Stefan Walter freebsd_committer freebsd_triage 2010-06-28 14:36:58 UTC 
State Changed
From-To: feedback->open

Maintainer has provided a patch.
Comment 10 Stefan Walter freebsd_committer freebsd_triage 2010-06-28 14:36:58 UTC 
Responsible Changed
From-To: freebsd-ports-bugs->stefan

Take.
Comment 11 dfilter service freebsd_committer freebsd_triage 2010-06-28 14:47:29 UTC 
stefan      2010-06-28 13:47:20 UTC

  FreeBSD ports repository

  Modified files:
    shells/scponly       Makefile 
  Log:
  Make notes for setting up a chroot cage a bit more precise.
  
  PR:             144059
  Submitted by:   Michael Meelis <m.meelis@easybow.com>
  Patch by:       Rob Farmer <rfarmer@predatorlabs.net> (maintainer)
  Feature safe:   yes
  
  Revision  Changes    Path
  1.34      +4 -2      ports/shells/scponly/Makefile
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 12 Stefan Walter freebsd_committer freebsd_triage 2010-06-28 14:47:33 UTC 
State Changed
From-To: open->closed

Message update, thanks!