This is the mail archive of the cygwin mailing list for the Cygwin project.
Re: scponly for chrooted sftp server in cygwin
- From: Christian Weinberger <christian dot weinberger at directbox dot com>
- To: cygwin at cygwin dot com
- Date: Fri, 11 Feb 2005 14:39:35 +0000 (UTC)
- Subject: Re: scponly for chrooted sftp server in cygwin
- References: <200502102110.j1ALAjD5018086@pilsener.srv.ualberta.ca>
> I still get the following error during the make phase.
>
> gcc -g -O2 -I. -I. -DHAVE_CONFIG_H -DDEBUGFILE='"/usr/local/etc/scponly/debuglevel"' -o helper.o -c helper.c
> helper.c:174: warning: passing arg 1 of `strdup' makes pointer from integer without a cast
> helper.c:179: warning: passing arg 1 of `strcmp' makes pointer from integer without a cast
So do I. I simply didn't mind.
> During the install phase the script attempted to set some file permissions
> as follows:
> ${INSTALL} -o 0 -g 0 scponly ${bindir}/scponly
> ${INSTALL} -o 0 -g 0 -m 0644 scponly.8 ${mandir}/man8/scponly.8
> ${INSTALL} -o 0 -g 0 -m 0644 debuglevel ${DEBUGFILE}
This depends on your UID setup in /etc/passwd and /etc/group.
I've had the best experience giving UID 0 to root and GID 0 to the root group. If you
don't have any user or group with those UID/GID, the install call will fail.
>
> I changed the make file to:
> ${INSTALL} -o SYSTEM -g SYSTEM scponly ${bindir}/scponly
> ${INSTALL} -o SYSTEM -g SYSTEM -m 0644 scponly.8 ${mandir}/man8/scponly.8
> ${INSTALL} -o SYSTEM -g SYSTEM -m 0644 debuglevel ${DEBUGFILE}
> And it worked fine.
>
That should be ok. I'd prefer to have root/root as the owner, but SYSTEM should
work also.
> I tried using the setup_chroot.sh script but could not get it to work. You
> mentioned an alternative make tool for setting up chrooted users. Or
> instructions on how to manually set it up.
To be honest, I didn't find it anymore. Maybe there was a much easier script
available with an earlier version of scponly or rssh.
However, you may set up your chroot cage on your own:
1) create a base folder (your new root) with the following subfolders
/cygdrive/c/temp/sftp:{528}:$ ls -R
.:
bin/ etc/ lib/ pub/ usr/
./bin:
chmod.exe* cygintl-1.dll* id.exe* pwd.exe*
chown.exe* cygintl-2.dll* ln.exe* rm.exe*
cygcrypto-0.9.7.dll* cygwin1.dll* ls.exe* rmdir.exe*
cygcrypto.dll* groups* mkdir.exe* scp.exe*
cygiconv-2.dll* groups.exe* mv.exe* sftp-server.exe*
./etc:
group* passwd*
./lib:
libcygwin.a*
./pub:
./usr:
The passwd and group in the chroot only need to contain the users who will use
the chroot. These files are not used for authentication, but only for UID/GID
to name mapping.
2) Set up chroot in your *regular* /etc/passwd for users to be chrooted
my_chr_user:unused_by_nt/2000/xp:2019:545:my_chr_user,U-WE4\my_chr_user,S-1-5-21-zzz-xxx-yyy-2019:/root/path/of/chroot:/usr/sbin/scponlyc
3) You may need to rebuild scponlyc
The path setting for sftp-server needs to match your installation.
So if sftp-server.exe resides in the /bin folder in your chroot, you need to
set up config.h:
#define PROG_SFTP_SERVER "/bin/sftp-server"
When the user logs in, scponlyc chroots and starts sftp-server afterwards.
I prefer a small shell script using rsync to keep the files in my chroot up to
date when I update cygwin.
#!/bin/sh
rsync -ulpogtW --existing /bin/* /root/path/of/chroot/bin
rsync -ulpogtW --existing /usr/sbin/* /root/path/of/chroot/bin
rsync -ulpogtW --existing /usr/lib/* /root/path/of/chroot/lib
This script freshens already existing files in the chroot.
This should enable you to set up the chroot manually.
Regards,
Christian
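
A consistency check for the manual setup described in the message above, as an added example that is not part of the original post or of scponly. The function names check_cage and make_demo_cage are hypothetical, and the fixture is constructed; the default sftp-server path assumes the PROG_SFTP_SERVER value quoted in step 3.

```shell
#!/bin/sh
# Added example: audit one chrooted scponly account against the manual
# setup steps in the post. Findings go to stdout; returns 0 if consistent.
# usage: check_cage <regular passwd file> <user> [PROG_SFTP_SERVER value]
check_cage() {
    pw=$1; user=$2; sftp=${3:-/bin/sftp-server}; rc=0
    entry=$(awk -F: -v u="$user" '$1 == u' "$pw")
    [ -n "$entry" ] || { echo "FAIL: $user not in $pw"; return 1; }
    uid=$(printf '%s\n' "$entry" | cut -d: -f3)
    cage=$(printf '%s\n' "$entry" | cut -d: -f6)   # home field = chroot root
    shell=$(printf '%s\n' "$entry" | cut -d: -f7)
    # Step 2: the login shell must be scponlyc, which performs the chroot.
    case $shell in
        */scponlyc) ;;
        *) echo "FAIL: shell is '$shell', not scponlyc"; rc=1 ;;
    esac
    [ -d "$cage" ] || { echo "FAIL: chroot root $cage missing"; return 1; }
    # Step 3: PROG_SFTP_SERVER is resolved inside the cage (.exe on Cygwin).
    [ -f "$cage$sftp" ] || [ -f "$cage$sftp.exe" ] ||
        { echo "FAIL: $sftp not found inside $cage"; rc=1; }
    # Step 1: the Cygwin DLL and the name-mapping files must be in the cage.
    for f in bin/cygwin1.dll etc/passwd etc/group; do
        [ -f "$cage/$f" ] || { echo "FAIL: $cage/$f missing"; rc=1; }
    done
    # The cage passwd only maps UID to name, so the UID has to match.
    if [ -f "$cage/etc/passwd" ]; then
        cuid=$(awk -F: -v u="$user" '$1 == u { print $3 }' "$cage/etc/passwd")
        [ "$cuid" = "$uid" ] ||
            { echo "FAIL: cage passwd maps $user to UID '$cuid', expected $uid"; rc=1; }
    fi
    [ "$rc" -eq 0 ] && echo "OK: $user -> $cage"
    return "$rc"
}

# Constructed fixture (not from the post): a minimal cage under $1 plus a
# regular passwd file $1/passwd with one chrooted user, my_chr_user.
make_demo_cage() {
    mkdir -p "$1/cage/bin" "$1/cage/etc" "$1/cage/lib" "$1/cage/pub"
    : > "$1/cage/bin/sftp-server.exe"; : > "$1/cage/bin/cygwin1.dll"
    echo 'my_chr_user:unused:2019:545::/:/bin/false' > "$1/cage/etc/passwd"
    echo 'Users:unused:545:' > "$1/cage/etc/group"
    echo "my_chr_user:unused:2019:545:my_chr_user:$1/cage:/usr/sbin/scponlyc" \
        > "$1/passwd"
}

if [ $# -ge 2 ]; then check_cage "$@"; fi
```

Run against a real installation as `sh check_cage.sh /etc/passwd my_chr_user`, passing a third argument if config.h uses a different PROG_SFTP_SERVER.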