Re: scponly for chrooted sftp server in cygwin
[snip]
and I really had to specify liberty.a manually in the Makefile:
scponly: scponly.o helper.o
${CC} ${CFLAGS} ${DEFS} -o $ at scponly.o helper.o
/usr/lib/libiberty.a
FWIW, the approved way of doing this is
${CC} ${CFLAGS} ${DEFS} -o $ at scponly.o helper.o -L/usr/lib
-liberty
HTH,
Igor
Thank you Igor!
I was quite sure that my solution was a bit crappy.
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
Re: scponly for chrooted sftp server in cygwin
On Thu, 10 Feb 2005, Christian Weinberger wrote:
[snip]
and I really had to specify liberty.a manually in the Makefile:
scponly: scponly.o helper.o
${CC} ${CFLAGS} ${DEFS} -o $@ scponly.o helper.o /usr/lib/libiberty.a
FWIW, the approved way of doing this is
${CC} ${CFLAGS} ${DEFS} -o $@ scponly.o helper.o -L/usr/lib -liberty
HTH,
Igor
--
http://cs.nyu.edu/~pechtcha/
|\ _,,,---,,_[EMAIL PROTECTED]
ZZZzz /,`.-'`'-. ;-;;,_[EMAIL PROTECTED]
|,4- ) )-,_. ,\ ( `'-' Igor Pechtchanski, Ph.D.
'---''(_/--' `-'\_) fL a.k.a JaguaR-R-R-r-r-r-.-.-. Meow!
The Sun will pass between the Earth and the Moon tonight for a total
Lunar eclipse... -- WCBS Radio Newsbrief, Oct 27 2004, 12:01 pm EDT
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
RE: RE: scponly for chrooted sftp server in cygwin
I solved my problem with scponly. Sftp-server could not find cygcrypto-0.9.7.dll and cygwin1.dll in the /bin of the chroot directory. I placed them in /usr/local/sbin with sftp-server and it works. :-) Running scponly 4.0-1 on windows xp with cygwin dll 1.5.12-1 Thanks for the help in setting this up. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
RE: RE: scponly for chrooted sftp server in cygwin
Once again, thanks for the help Christian. I am now able to login to the sftp server but the connection seems to hang. This is what I login with: $ sftp [EMAIL PROTECTED] Connecting to ipaddress... [EMAIL PROTECTED]'s password: And then nothing. It just sits until I cancel the connection. However, on the server machine scponlyc.exe and sftp-server.exe startup and are shown as active processes. I am attemptin to chroot the user to the base directory / to make sure scponlyc is working. I have the following line in /etc/passwd chrtest:unused_by_nt/2000/xp:107:545:chrtest,U-PINOCCHIO \chrtest,S-1-5-21-1482476501-261478967-725345543-1007:/:/usr/local/sbin/scpo nlyc I couldn't find anything on scponly hanging at this point. Chad -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: scponly for chrooted sftp server in cygwin
I still get the following error during the make phase.
gcc -g -O2 -I. -I. -DHAVE_CONFIG_H
-DDEBUGFILE='/usr/local/etc/scponly/debuglev
el' -o helper.o -c helper.c
helper.c:174: warning: passing arg 1 of `strdup' makes pointer from
integer with
out a cast
helper.c:179: warning: passing arg 1 of `strcmp' makes pointer from
integer with
out a cast
So do I. I simply didnt mind.
During the install phase the script attempted to set some file permisissions
as follows:
${INSTALL} -o 0 -g 0 scponly ${bindir}/scponly
${INSTALL} -o 0 -g 0 -m 0644 scponly.8 ${mandir}/man8/scponly.8
${INSTALL} -o 0 -g 0 -m 0644 debuglevel ${DEBUGFILE}
This depends on your UID setup in /etc/passwd and /etc/group.
Ive best experiences giving UID 0 to root and GID 0 to the root group. If you
dont have any user or group with those UID/GID, the install call will fail.
I changed the make file to:
${INSTALL} -o SYSTEM -g SYSTEM scponly ${bindir}/scponly
${INSTALL} -o SYSTEM -g SYSTEM -m 0644 scponly.8
${mandir}/man8/scponly.8
${INSTALL} -o SYSTEM -g SYSTEM -m 0644 debuglevel ${DEBUGFILE}
And it worked fine.
That should be ok. Id prefer to have root/root as the owner, but SYSTEM should
work also.
I tried using the setup_chroot.sh script but could not get it to work. You
mentioned an alternative make tool for setting up chrooted users. Or
instructions on how to manually set it up.
To be honest, I didnt find it anymore. Maybe there was a much easier script
available with an earlier version of scponly or rssh.
However, you may setup you chroot cage on your own:
1) create a base folder (your new root) with the following subfolders
/cygdrive/c/temp/sftp:{528}:$ ls -R
.:
bin/ etc/ lib/ pub/ usr/
./bin:
chmod.exe*cygintl-1.dll* id.exe* pwd.exe*
chown.exe*cygintl-2.dll* ln.exe* rm.exe*
cygcrypto-0.9.7.dll* cygwin1.dll*ls.exe* rmdir.exe*
cygcrypto.dll*groups* mkdir.exe* scp.exe*
cygiconv-2.dll* groups.exe* mv.exe* sftp-server.exe*
./etc:
group* passwd*
./lib:
libcygwin.a*
./pub:
./usr:
The passwd and group in the chroot only need to contain the users who will use
the chroot. These files are not used for authentification, but only for UID/GID
to name mapping.
2) Setup chroot in your *regular* /etc/passwd for users to be chrooted
my_chr_user:unused_by_nt/2000/xp:2019:545:my_chr_user,U-WE4\my_chr_user,
S-1-5-21-zzz-xxx-yyy-2019:/root/path/of/chroot:/usr/sbin/scponlyc
3) You may need to rebuild scponlyc
The path setting for sftp-server needs to match your installation.
So if sftp-server.exe resides in the /bin folder in your chroot, you need to
setup config.h:
#define PROG_SFTP_SERVER /bin/sftp-server
When the user logs in, scponlyc chroots and start sftp-server afterwards.
I prefer a small shellscript using rsync to keep the files in my chroot up to
date when I update cygwin.
#!/bin/sh
rsync -ulpogtW --existing /bin/* /root/path/of/chroot/bin
rsync -ulpogtW --existing /usr/sbin/* /root/path/of/chroot/bin
rsync -ulpogtW --existing /usr/lib/* /root/path/of/chroot/lib
This script freshens already existing files in the chroot.
This should enable you to setup the chroot manually.
Regards,
Christian
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
Re: scponly for chrooted sftp server in cygwin
I am attempting to setup and sftp server on a windows XP pro machine. I have the latest cygwin and openssh files from cygwin.com. I downloaded the scponly source files and am now attempting to compile them. I get the following error message: helper.c:12:36: libgen.h: No such file or directory Chad Just uncomment the #included libgen.h. Declarations from this file are included in one of the cygwin default includes. The only hack I had to do was to explicitly add one or two libraries in the call to the linker. Currently Ive no access to my machine. Ill check this later and post more details if I can find the old makefile. Regards, Christian -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: scponly for chrooted sftp server in cygwin
Now having access to my machine, I can tell you the following:
All applies to scponly 3.11
/usr/src/scponly-3.11:{509}:$ diff scponly.c scponly.c.bak
331c331
char bad_winscp3str[] = test -x /usr/sbin/sftp-server exec
/usr/sbin/sftp-server test -x /usr/local/lib/sftp-server exec
/usr/local/lib/sftp-server exec sftp-server;
---
char bad_winscp3str[] = test -x /usr/lib/sftp-server exec
/usr/lib/sftp-server test -x /usr/local/lib/sftp-server exec
/usr/local/lib/sftp-server exec sftp-server;
/usr/src/scponly-3.11:{510}:$ diff helper.c helper.c.bak
27a28,29
#define basename g_basename
additionally comment this:
/usr/src/scponly-3.11:{513}:$ grep libgen.h *.c
helper.c:// #include libgen.h // basename
/usr/src/scponly-3.11:{512}:$ diff config.h config.h.bak
23c23
#define PROG_SFTP_SERVER /bin/sftp-server
---
#define PROG_SFTP_SERVER /usr/sbin/sftp-server
and I really had to specify liberty.a manually in the Makefile:
scponly: scponly.o helper.o
${CC} ${CFLAGS} ${DEFS} -o $@ scponly.o helper.o /usr/lib/libiberty.a
Now that is not structured very well, but I hope it will help you to make you
way through.
Regards,
Christian
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
RE: scponly for chrooted sftp server in cygwin
Thank you for the help Christian,
I was able to make and install scponly.
I still get the following error during the make phase.
gcc -g -O2 -I. -I. -DHAVE_CONFIG_H
-DDEBUGFILE='/usr/local/etc/scponly/debuglev
el' -o helper.o -c helper.c
helper.c:174: warning: passing arg 1 of `strdup' makes pointer from
integer with
out a cast
helper.c:179: warning: passing arg 1 of `strcmp' makes pointer from
integer with
out a cast
During the install phase the script attempted to set some file permisissions
as follows:
${INSTALL} -o 0 -g 0 scponly ${bindir}/scponly
${INSTALL} -o 0 -g 0 -m 0644 scponly.8 ${mandir}/man8/scponly.8
${INSTALL} -o 0 -g 0 -m 0644 debuglevel ${DEBUGFILE}
but was returing an error message:
install: cannot change ownership of '/usr/local/bin/scponly'
I changed the make file to:
${INSTALL} -o SYSTEM -g SYSTEM scponly ${bindir}/scponly
${INSTALL} -o SYSTEM -g SYSTEM -m 0644 scponly.8
${mandir}/man8/scponly.8
${INSTALL} -o SYSTEM -g SYSTEM -m 0644 debuglevel ${DEBUGFILE}
And it worked fine.
I tried using the setup_chroot.sh script but could not get it to work. You
mentioned an alternative make tool for setting up chrooted users. Or
instructions on how to manually set it up.
Your help is greatly appreciated.
Chad
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
scponly for chrooted sftp server in cygwin
Hi,
I am attempting to setup and sftp server on a windows XP pro machine. I have
the latest cygwin and openssh files from cygwin.com. I downloaded the scponly
source files and am now attempting to compile them. I get the following error
message:
$ make
gcc -g -O2 -I. -I. -DHAVE_CONFIG_H
-DDEBUGFILE='/usr/local/etc/scponly/debuglev
el' -o scponly.o -c scponly.c
gcc -g -O2 -I. -I. -DHAVE_CONFIG_H
-DDEBUGFILE='/usr/local/etc/scponly/debuglev
el' -o helper.o -c helper.c
helper.c:12:36: libgen.h: No such file or directory
helper.c: In function `substitute_known_path':
helper.c:174: warning: passing arg 1 of `strdup' makes pointer from integer
with
out a cast
helper.c:179: warning: passing arg 1 of `strcmp' makes pointer from integer
with
out a cast
make: *** [helper.o] Error 1
I have only found a single post
http://www.cygwin.com/ml/cygwin/2004-11/msg01184.html
that says scponly compiles easily under the new cygwin releases with a few
modifications to the makefile, but it doesn't say what those are. I have
included the configure utility screen output, the makefile, and helper.c file.
I would greatly appreciate any help on this.
Thanks,
Chad
# Autoconfed stuff
srcdir = .
prefix := /usr/local
exec_prefix := ${prefix}
bindir = ${exec_prefix}/bin
sbindir = ${exec_prefix}/sbin
mandir = ${prefix}/man
CFLAGS = -g -O2 -I$(srcdir) -I.
INSTALL = /usr/bin/install -c
CC = gcc
CHROOTED_NAME= scponlyc
CONFDIR := ${prefix}/etc/scponly
DEBUGFILE := ${CONFDIR}/debuglevel
DEFS:= -DHAVE_CONFIG_H -DDEBUGFILE='${DEBUGFILE}'
LN_S = ln -s
all: scponly groups
clean:
rm -f *.o scponly *~ debuglevel ${CHROOTED_NAME} groups
love: clean all
scponly: scponly.o helper.o
${CC} ${CFLAGS} ${DEFS} -o $@ scponly.o helper.o
groups: groups.c
${CC} ${CFLAGS} ${DEFS} -o $@ $
scponly.o: scponly.c config.h scponly.h
${CC} ${CFLAGS} ${DEFS} -o $@ -c $
helper.o: helper.c config.h scponly.h
${CC} ${CFLAGS} ${DEFS} -o $@ -c $
install: scponly debuglevel scponly.8
${INSTALL} -d ${bindir}
${INSTALL} -d ${mandir}/man8
${INSTALL} -d ${CONFDIR}
${INSTALL} -o 0 -g 0 scponly ${bindir}/scponly
${INSTALL} -o 0 -g 0 -m 0644 scponly.8 ${mandir}/man8/scponly.8
${INSTALL} -o 0 -g 0 -m 0644 debuglevel ${DEBUGFILE}
if test x${CHROOTED_NAME} != x; then\
${INSTALL} -d ${sbindir}; \
rm -f ${sbindir}/${CHROOTED_NAME}; \
cp scponly ${CHROOTED_NAME};\
${INSTALL} -o 0 -g 0 -m 4755 ${CHROOTED_NAME}
${sbindir}/${CHROOTED_NAME}; \
fi
debuglevel:
echo 0 $@
jail: install
chmod u+x ./setup_chroot.sh
./setup_chroot.sh
distclean: clean
rm -fr autom4te.cache
rm -f config.h config.log config.status Makefile setup_chroot.sh
maintainer-clean: distclean
rm -f configure
$ ./configure --enable-chrooted-binary
checking build system type... i686-pc-cygwin
checking host system type... i686-pc-cygwin
checking for gcc... gcc
checking for C compiler default output... a.exe
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables... .exe
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for a BSD-compatible install... /usr/bin/install -c
checking whether ln -s works... yes
checking for cut... /usr/bin/cut
checking for grep... /usr/bin/grep
checking for sort... /usr/bin/sort
checking for ldd... no
checking for useradd... no
checking for chown... /usr/bin/chown
checking for chmod... /usr/bin/chmod
checking for dirname... /usr/bin/dirname
checking for id... /usr/bin/id
checking for pw... no
checking for rm... /usr/bin/rm
checking for pwd_mkdb... no
configure: enabling core WinSCP and Vanilla SCP binaries...
checking for sftp-server... /usr/sbin/sftp-server
checking for ls... /bin/ls
checking for scp... /bin/scp
checking for rm... /bin/rm
checking for ln... /bin/ln
checking for mv... /bin/mv
checking for chmod... /bin/chmod
checking for chown... /bin/chown
checking for chgrp... /bin/chgrp
checking for mkdir... /bin/mkdir
checking for rmdir... /bin/rmdir
configure: enabling WinSCP compatability...
checking for pwd... /bin/pwd
checking for groups... /bin/groups
checking for id... /bin/id
checking for echo... /bin/echo
configure: enabling SFTP compatability...
checking for sftp-server... (cached) /usr/sbin/sftp-server
checking how to run the C preprocessor... gcc -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking
