[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [suse-security] chroot: ssh works, scp doesn't (more info)




> -----Original Message-----
> From: Tom Knight [mailto:thomas.knight@xxxxxxxxxx]
> Sent: 23 January 2004 10:02
> To: suse-security@xxxxxxxx
> Subject: RE: [suse-security] chroot: ssh works, scp doesn't
> 
> > >I can send a description of the setup of the chroot jail if 
> _that_ helps.
> > 
> > Please do so
> > 

I've been playing with this a lot now.

Looking at the two files /etc/passwd and /bin/compart.jail:

If I change the /etc/passwd shell for the user to /bin/bash, scp is fine.
When I cange it back to /bin/compart.jail, it's not fine, as before.

If I change /bin/compart.jail to read:
  #!/bin/bash
  /bin/bash
scp is _still_ not functioning in the same way as before

Looking at debug logging of sshd, I can see that the sudo line in the 
/bin/compart.jail is called, so I know the system does manage to read 
that file. In case you really want to know, here are its permissions:
4 -rwxr-xr-x   1 root    root    390 2004-01-23 12:09 /bin/compart.jail

So it looks like scp doesn't like the login shell being /bin/compart.jail

There must be a way.....

Tom.

---------------
Tom Knight
System Administration Officer
Arts & Humanities Data Service
Web:     http://www.ahds.ac.uk
Email:   tom.knight@xxxxxxxxxx
Tel:     (0)20 7928 7371  


--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here