Mail Archives: cygwin/2005/02/11/15:37:53

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
To: cygwin AT cygwin DOT com
From: Christian Weinberger <christian DOT weinberger AT directbox DOT com>
Subject: Re: scponly for chrooted sftp server in cygwin
Date: Fri, 11 Feb 2005 14:39:35 +0000 (UTC)
Lines: 97
Message-ID: <loom.20050211T151824-377@post.gmane.org>
References: <200502102110 DOT j1ALAjD5018086 AT pilsener DOT srv DOT ualberta DOT ca>
Mime-Version: 1.0
X-Complaints-To: usenet AT sea DOT gmane DOT org
X-Gmane-NNTP-Posting-Host: main.gmane.org
User-Agent: Loom/3.14 (http://gmane.org/)
X-Loom-IP: 62.180.31.25 (Mozilla/5.0 (Windows; U; Windows NT 5.0; de-DE; rv:1.7.5) Gecko/20041122 Firefox/1.0)
X-Gmane-MailScanner: Found to be clean
X-MailScanner-From: goc-cygwin AT m DOT gmane DOT org
X-MailScanner-To: cygwin AT cygwin DOT com
X-IsSubscribed: yes

> I still get the following error during the make phase.
> 
> 	gcc -g -O2 -I. -I. -DHAVE_CONFIG_H -DDEBUGFILE='"/usr/local/etc/scponly/debuglevel"' -o helper.o -c helper.c
> 	helper.c:174: warning: passing arg 1 of `strdup' makes pointer from integer without a cast
> 	helper.c:179: warning: passing arg 1 of `strcmp' makes pointer from integer without a cast

So do I. I simply didn't mind.

> During the install phase the script attempted to set some file permissions
> as follows:
> 	${INSTALL} -o 0 -g 0 scponly ${bindir}/scponly
> 	${INSTALL} -o 0 -g 0 -m 0644 scponly.8 ${mandir}/man8/scponly.8
> 	${INSTALL} -o 0 -g 0 -m 0644 debuglevel ${DEBUGFILE}

This depends on your UID setup in /etc/passwd and /etc/group.
I've had the best experiences giving UID 0 to root and GID 0 to the root group. If you
don't have any user or group with those UID/GID, the install call will fail.

> 
> I changed the make file to:
> 	${INSTALL} -o SYSTEM -g SYSTEM scponly ${bindir}/scponly
> 	${INSTALL} -o SYSTEM -g SYSTEM -m 0644 scponly.8 ${mandir}/man8/scponly.8
> 	${INSTALL} -o SYSTEM -g SYSTEM -m 0644 debuglevel ${DEBUGFILE}
> And it worked fine.
> 

That should be ok. I'd prefer to have root/root as the owner, but SYSTEM should
work also.

> I tried using the setup_chroot.sh script but could not get it to work.  You
> mentioned an alternative make tool for setting up chrooted users.  Or
> instructions on how to manually set it up.  
 
To be honest, I didn't find it anymore. Maybe there was a much easier script
available with an earlier version of scponly or rssh.

However, you may set up your chroot cage on your own:

1) create a base folder (your new root) with the following subfolders
/cygdrive/c/temp/sftp:{528}:$ ls -R
.:
bin/  etc/  lib/  pub/  usr/

./bin:
chmod.exe*            cygintl-1.dll*  id.exe*     pwd.exe*
chown.exe*            cygintl-2.dll*  ln.exe*     rm.exe*
cygcrypto-0.9.7.dll*  cygwin1.dll*    ls.exe*     rmdir.exe*
cygcrypto.dll*        groups*         mkdir.exe*  scp.exe*
cygiconv-2.dll*       groups.exe*     mv.exe*     sftp-server.exe*

./etc:
group*  passwd*

./lib:
libcygwin.a*

./pub:

./usr:

The passwd and group in the chroot only need to contain the users who will use
the chroot. These files are not used for authentication, but only for UID/GID
to name mapping.

2) Set up chroot in your *regular* /etc/passwd for users to be chrooted
my_chr_user:unused_by_nt/2000/xp:2019:545:my_chr_user,U-WE4\my_chr_user,
    S-1-5-21-zzz-xxx-yyy-2019:/root/path/of/chroot:/usr/sbin/scponlyc

3) You may need to rebuild scponlyc
The path setting for sftp-server needs to match your installation.
So if sftp-server.exe resides in the /bin folder in your chroot, you need to
set up config.h:
#define PROG_SFTP_SERVER "/bin/sftp-server"
When the user logs in, scponlyc chroots and starts sftp-server afterwards.


I prefer a small shell script using rsync to keep the files in my chroot up to
date when I update cygwin.

#!/bin/sh
rsync -ulpogtW --existing /bin/* /root/path/of/chroot/bin
rsync -ulpogtW --existing /usr/sbin/* /root/path/of/chroot/bin
rsync -ulpogtW --existing /usr/lib/* /root/path/of/chroot/lib

This script freshens already existing files in the chroot.

This should enable you to set up the chroot manually.

Regards,
Christian
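
The manual setup in steps 1 to 3 above as a shell script. This is an added example, not code from the original message or from scponly. The function names are hypothetical, and it assumes the chrooted users' passwd entries use the chroot root as home directory and /usr/sbin/scponlyc as shell (as in step 2), and that /etc/group uses the Cygwin name:SID:gid:members layout.

```sh
#!/bin/sh
# Added example: build the chroot skeleton and the minimal etc/passwd and
# etc/group from steps 1 and 2, then report files a login still needs.
# All function names are hypothetical.

CHROOT_SHELL=/usr/sbin/scponlyc   # login shell from the passwd entry in step 2

# Create the folder layout from step 1. $1 = chroot root
make_skeleton() {
    for d in bin etc lib pub usr; do
        mkdir -p "$1/$d" || return 1
    done
}

# Keep only passwd entries whose home is the chroot and whose shell is
# scponlyc. $1 = regular passwd file, $2 = chroot root
filter_passwd() {
    awk -F: -v home="$2" -v sh="$CHROOT_SHELL" \
        '$6 == home && $7 == sh' "$1" > "$2/etc/passwd"
}

# Keep only groups that are the primary group of a user kept above.
# $1 = regular group file, $2 = chroot root
filter_group() {
    awk -F: 'NR == FNR { gid[$4] = 1; next } ($3 in gid)' \
        "$2/etc/passwd" "$1" > "$2/etc/group"
}

# Print one line per missing file and return the number missing.
# bin/sftp-server.exe is what PROG_SFTP_SERVER "/bin/sftp-server" (step 3)
# resolves to inside the chroot. $1 = chroot root
missing_files() {
    n=0
    for f in bin/sftp-server.exe bin/cygwin1.dll etc/passwd etc/group; do
        [ -e "$1/$f" ] || { echo "missing: $f"; n=$((n + 1)); }
    done
    return "$n"
}

# Usage: sh mkchroot.sh /etc/passwd /etc/group /root/path/of/chroot
if [ "$#" -eq 3 ]; then
    make_skeleton "$3" && filter_passwd "$1" "$3" && filter_group "$2" "$3"
    missing_files "$3"
fi
```

The binaries and DLLs from the listing in step 1 still have to be copied into bin/ once by hand; the rsync script above only freshens files that already exist there.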

