Re: scponly for chrooted sftp server in cygwin
[snip] and I really had to specify liberty.a manually in the Makefile: scponly: scponly.o helper.o ${CC} ${CFLAGS} ${DEFS} -o $ at scponly.o helper.o /usr/lib/libiberty.a FWIW, the approved way of doing this is ${CC} ${CFLAGS} ${DEFS} -o $ at scponly.o helper.o -L/usr/lib -liberty HTH, Igor Thank you Igor! I was quite sure that my solution was a bit crappy. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: scponly for chrooted sftp server in cygwin
On Thu, 10 Feb 2005, Christian Weinberger wrote: [snip] and I really had to specify liberty.a manually in the Makefile: scponly: scponly.o helper.o ${CC} ${CFLAGS} ${DEFS} -o $@ scponly.o helper.o /usr/lib/libiberty.a FWIW, the approved way of doing this is ${CC} ${CFLAGS} ${DEFS} -o $@ scponly.o helper.o -L/usr/lib -liberty HTH, Igor -- http://cs.nyu.edu/~pechtcha/ |\ _,,,---,,_[EMAIL PROTECTED] ZZZzz /,`.-'`'-. ;-;;,_[EMAIL PROTECTED] |,4- ) )-,_. ,\ ( `'-' Igor Pechtchanski, Ph.D. '---''(_/--' `-'\_) fL a.k.a JaguaR-R-R-r-r-r-.-.-. Meow! The Sun will pass between the Earth and the Moon tonight for a total Lunar eclipse... -- WCBS Radio Newsbrief, Oct 27 2004, 12:01 pm EDT -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
RE: RE: scponly for chrooted sftp server in cygwin
I solved my problem with scponly. Sftp-server could not find cygcrypto-0.9.7.dll and cygwin1.dll in the /bin of the chroot directory. I placed them in /usr/local/sbin with sftp-server and it works. :-) Running scponly 4.0-1 on windows xp with cygwin dll 1.5.12-1 Thanks for the help in setting this up. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
RE: RE: scponly for chrooted sftp server in cygwin
Once again, thanks for the help Christian. I am now able to login to the sftp server but the connection seems to hang. This is what I login with: $ sftp [EMAIL PROTECTED] Connecting to ipaddress... [EMAIL PROTECTED]'s password: And then nothing. It just sits until I cancel the connection. However, on the server machine scponlyc.exe and sftp-server.exe startup and are shown as active processes. I am attemptin to chroot the user to the base directory / to make sure scponlyc is working. I have the following line in /etc/passwd chrtest:unused_by_nt/2000/xp:107:545:chrtest,U-PINOCCHIO \chrtest,S-1-5-21-1482476501-261478967-725345543-1007:/:/usr/local/sbin/scpo nlyc I couldn't find anything on scponly hanging at this point. Chad -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: scponly for chrooted sftp server in cygwin
I still get the following error during the make phase. gcc -g -O2 -I. -I. -DHAVE_CONFIG_H -DDEBUGFILE='/usr/local/etc/scponly/debuglev el' -o helper.o -c helper.c helper.c:174: warning: passing arg 1 of `strdup' makes pointer from integer with out a cast helper.c:179: warning: passing arg 1 of `strcmp' makes pointer from integer with out a cast So do I. I simply didnt mind. During the install phase the script attempted to set some file permisissions as follows: ${INSTALL} -o 0 -g 0 scponly ${bindir}/scponly ${INSTALL} -o 0 -g 0 -m 0644 scponly.8 ${mandir}/man8/scponly.8 ${INSTALL} -o 0 -g 0 -m 0644 debuglevel ${DEBUGFILE} This depends on your UID setup in /etc/passwd and /etc/group. Ive best experiences giving UID 0 to root and GID 0 to the root group. If you dont have any user or group with those UID/GID, the install call will fail. I changed the make file to: ${INSTALL} -o SYSTEM -g SYSTEM scponly ${bindir}/scponly ${INSTALL} -o SYSTEM -g SYSTEM -m 0644 scponly.8 ${mandir}/man8/scponly.8 ${INSTALL} -o SYSTEM -g SYSTEM -m 0644 debuglevel ${DEBUGFILE} And it worked fine. That should be ok. Id prefer to have root/root as the owner, but SYSTEM should work also. I tried using the setup_chroot.sh script but could not get it to work. You mentioned an alternative make tool for setting up chrooted users. Or instructions on how to manually set it up. To be honest, I didnt find it anymore. Maybe there was a much easier script available with an earlier version of scponly or rssh. However, you may setup you chroot cage on your own: 1) create a base folder (your new root) with the following subfolders /cygdrive/c/temp/sftp:{528}:$ ls -R .: bin/ etc/ lib/ pub/ usr/ ./bin: chmod.exe*cygintl-1.dll* id.exe* pwd.exe* chown.exe*cygintl-2.dll* ln.exe* rm.exe* cygcrypto-0.9.7.dll* cygwin1.dll*ls.exe* rmdir.exe* cygcrypto.dll*groups* mkdir.exe* scp.exe* cygiconv-2.dll* groups.exe* mv.exe* sftp-server.exe* ./etc: group* passwd* ./lib: libcygwin.a* ./pub: ./usr: The passwd and group in the chroot only need to contain the users who will use the chroot. These files are not used for authentification, but only for UID/GID to name mapping. 2) Setup chroot in your *regular* /etc/passwd for users to be chrooted my_chr_user:unused_by_nt/2000/xp:2019:545:my_chr_user,U-WE4\my_chr_user, S-1-5-21-zzz-xxx-yyy-2019:/root/path/of/chroot:/usr/sbin/scponlyc 3) You may need to rebuild scponlyc The path setting for sftp-server needs to match your installation. So if sftp-server.exe resides in the /bin folder in your chroot, you need to setup config.h: #define PROG_SFTP_SERVER /bin/sftp-server When the user logs in, scponlyc chroots and start sftp-server afterwards. I prefer a small shellscript using rsync to keep the files in my chroot up to date when I update cygwin. #!/bin/sh rsync -ulpogtW --existing /bin/* /root/path/of/chroot/bin rsync -ulpogtW --existing /usr/sbin/* /root/path/of/chroot/bin rsync -ulpogtW --existing /usr/lib/* /root/path/of/chroot/lib This script freshens already existing files in the chroot. This should enable you to setup the chroot manually. Regards, Christian -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: scponly for chrooted sftp server in cygwin
I am attempting to setup and sftp server on a windows XP pro machine. I have the latest cygwin and openssh files from cygwin.com. I downloaded the scponly source files and am now attempting to compile them. I get the following error message: helper.c:12:36: libgen.h: No such file or directory Chad Just uncomment the #included libgen.h. Declarations from this file are included in one of the cygwin default includes. The only hack I had to do was to explicitly add one or two libraries in the call to the linker. Currently Ive no access to my machine. Ill check this later and post more details if I can find the old makefile. Regards, Christian -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: scponly for chrooted sftp server in cygwin
Now having access to my machine, I can tell you the following: All applies to scponly 3.11 /usr/src/scponly-3.11:{509}:$ diff scponly.c scponly.c.bak 331c331 char bad_winscp3str[] = test -x /usr/sbin/sftp-server exec /usr/sbin/sftp-server test -x /usr/local/lib/sftp-server exec /usr/local/lib/sftp-server exec sftp-server; --- char bad_winscp3str[] = test -x /usr/lib/sftp-server exec /usr/lib/sftp-server test -x /usr/local/lib/sftp-server exec /usr/local/lib/sftp-server exec sftp-server; /usr/src/scponly-3.11:{510}:$ diff helper.c helper.c.bak 27a28,29 #define basename g_basename additionally comment this: /usr/src/scponly-3.11:{513}:$ grep libgen.h *.c helper.c:// #include libgen.h // basename /usr/src/scponly-3.11:{512}:$ diff config.h config.h.bak 23c23 #define PROG_SFTP_SERVER /bin/sftp-server --- #define PROG_SFTP_SERVER /usr/sbin/sftp-server and I really had to specify liberty.a manually in the Makefile: scponly: scponly.o helper.o ${CC} ${CFLAGS} ${DEFS} -o $@ scponly.o helper.o /usr/lib/libiberty.a Now that is not structured very well, but I hope it will help you to make you way through. Regards, Christian -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
RE: scponly for chrooted sftp server in cygwin
Thank you for the help Christian, I was able to make and install scponly. I still get the following error during the make phase. gcc -g -O2 -I. -I. -DHAVE_CONFIG_H -DDEBUGFILE='/usr/local/etc/scponly/debuglev el' -o helper.o -c helper.c helper.c:174: warning: passing arg 1 of `strdup' makes pointer from integer with out a cast helper.c:179: warning: passing arg 1 of `strcmp' makes pointer from integer with out a cast During the install phase the script attempted to set some file permisissions as follows: ${INSTALL} -o 0 -g 0 scponly ${bindir}/scponly ${INSTALL} -o 0 -g 0 -m 0644 scponly.8 ${mandir}/man8/scponly.8 ${INSTALL} -o 0 -g 0 -m 0644 debuglevel ${DEBUGFILE} but was returing an error message: install: cannot change ownership of '/usr/local/bin/scponly' I changed the make file to: ${INSTALL} -o SYSTEM -g SYSTEM scponly ${bindir}/scponly ${INSTALL} -o SYSTEM -g SYSTEM -m 0644 scponly.8 ${mandir}/man8/scponly.8 ${INSTALL} -o SYSTEM -g SYSTEM -m 0644 debuglevel ${DEBUGFILE} And it worked fine. I tried using the setup_chroot.sh script but could not get it to work. You mentioned an alternative make tool for setting up chrooted users. Or instructions on how to manually set it up. Your help is greatly appreciated. Chad -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
scponly for chrooted sftp server in cygwin
Hi, I am attempting to setup and sftp server on a windows XP pro machine. I have the latest cygwin and openssh files from cygwin.com. I downloaded the scponly source files and am now attempting to compile them. I get the following error message: $ make gcc -g -O2 -I. -I. -DHAVE_CONFIG_H -DDEBUGFILE='/usr/local/etc/scponly/debuglev el' -o scponly.o -c scponly.c gcc -g -O2 -I. -I. -DHAVE_CONFIG_H -DDEBUGFILE='/usr/local/etc/scponly/debuglev el' -o helper.o -c helper.c helper.c:12:36: libgen.h: No such file or directory helper.c: In function `substitute_known_path': helper.c:174: warning: passing arg 1 of `strdup' makes pointer from integer with out a cast helper.c:179: warning: passing arg 1 of `strcmp' makes pointer from integer with out a cast make: *** [helper.o] Error 1 I have only found a single post http://www.cygwin.com/ml/cygwin/2004-11/msg01184.html that says scponly compiles easily under the new cygwin releases with a few modifications to the makefile, but it doesn't say what those are. I have included the configure utility screen output, the makefile, and helper.c file. I would greatly appreciate any help on this. Thanks, Chad # Autoconfed stuff srcdir = . prefix := /usr/local exec_prefix := ${prefix} bindir = ${exec_prefix}/bin sbindir = ${exec_prefix}/sbin mandir = ${prefix}/man CFLAGS = -g -O2 -I$(srcdir) -I. INSTALL = /usr/bin/install -c CC = gcc CHROOTED_NAME= scponlyc CONFDIR := ${prefix}/etc/scponly DEBUGFILE := ${CONFDIR}/debuglevel DEFS:= -DHAVE_CONFIG_H -DDEBUGFILE='${DEBUGFILE}' LN_S = ln -s all: scponly groups clean: rm -f *.o scponly *~ debuglevel ${CHROOTED_NAME} groups love: clean all scponly: scponly.o helper.o ${CC} ${CFLAGS} ${DEFS} -o $@ scponly.o helper.o groups: groups.c ${CC} ${CFLAGS} ${DEFS} -o $@ $ scponly.o: scponly.c config.h scponly.h ${CC} ${CFLAGS} ${DEFS} -o $@ -c $ helper.o: helper.c config.h scponly.h ${CC} ${CFLAGS} ${DEFS} -o $@ -c $ install: scponly debuglevel scponly.8 ${INSTALL} -d ${bindir} ${INSTALL} -d ${mandir}/man8 ${INSTALL} -d ${CONFDIR} ${INSTALL} -o 0 -g 0 scponly ${bindir}/scponly ${INSTALL} -o 0 -g 0 -m 0644 scponly.8 ${mandir}/man8/scponly.8 ${INSTALL} -o 0 -g 0 -m 0644 debuglevel ${DEBUGFILE} if test x${CHROOTED_NAME} != x; then\ ${INSTALL} -d ${sbindir}; \ rm -f ${sbindir}/${CHROOTED_NAME}; \ cp scponly ${CHROOTED_NAME};\ ${INSTALL} -o 0 -g 0 -m 4755 ${CHROOTED_NAME} ${sbindir}/${CHROOTED_NAME}; \ fi debuglevel: echo 0 $@ jail: install chmod u+x ./setup_chroot.sh ./setup_chroot.sh distclean: clean rm -fr autom4te.cache rm -f config.h config.log config.status Makefile setup_chroot.sh maintainer-clean: distclean rm -f configure $ ./configure --enable-chrooted-binary checking build system type... i686-pc-cygwin checking host system type... i686-pc-cygwin checking for gcc... gcc checking for C compiler default output... a.exe checking whether the C compiler works... yes checking whether we are cross compiling... no checking for suffix of executables... .exe checking for suffix of object files... o checking whether we are using the GNU C compiler... yes checking whether gcc accepts -g... yes checking for a BSD-compatible install... /usr/bin/install -c checking whether ln -s works... yes checking for cut... /usr/bin/cut checking for grep... /usr/bin/grep checking for sort... /usr/bin/sort checking for ldd... no checking for useradd... no checking for chown... /usr/bin/chown checking for chmod... /usr/bin/chmod checking for dirname... /usr/bin/dirname checking for id... /usr/bin/id checking for pw... no checking for rm... /usr/bin/rm checking for pwd_mkdb... no configure: enabling core WinSCP and Vanilla SCP binaries... checking for sftp-server... /usr/sbin/sftp-server checking for ls... /bin/ls checking for scp... /bin/scp checking for rm... /bin/rm checking for ln... /bin/ln checking for mv... /bin/mv checking for chmod... /bin/chmod checking for chown... /bin/chown checking for chgrp... /bin/chgrp checking for mkdir... /bin/mkdir checking for rmdir... /bin/rmdir configure: enabling WinSCP compatability... checking for pwd... /bin/pwd checking for groups... /bin/groups checking for id... /bin/id checking for echo... /bin/echo configure: enabling SFTP compatability... checking for sftp-server... (cached) /usr/sbin/sftp-server checking how to run the C preprocessor... gcc -E checking for ANSI C header files... yes checking for sys/types.h... yes checking for sys/stat.h... yes checking for stdlib.h... yes checking for string.h... yes checking for memory.h... yes checking