Current Lucid rsync client:
da...@ubuntu:~$ rsync --version
rsync version 3.0.7 protocol version 30

I'm not 100% clear on the exact implications of doing this, but it
appears that forcing the rsync client to downgrade to the older version
29 rsync protocol does enable scponly-full chrooted rsync.

Verbose client output:
da...@ubuntu:~$ rsync -r --protocol=29 dir1 scponly-patc...@localhost:/incoming
scponly-patc...@localhost's password:
scponly[1596]: chrooted binary in place, will chroot()
scponly[1596]: 3 arguments in total.
scponly[1596]: arg 0 is scponlyc
scponly[1596]: arg 1 is -c
scponly[1596]: arg 2 is rsync --server -r . /incoming
scponly[1596]: opened log at LOG_AUTHPRIV, opts 0x0029
scponly[1596]: determined USER is "scponly-patched" from environment
scponly[1596]: retrieved home directory of "/home/scponly-patched" for user
"scponly-patched"
scponly[1596]: chrooting to dir: "/home/scponly-patched"
scponly[1596]: chdiring to dir: "/"
scponly[1596]: setting uid to 1002
scponly[1596]: processing request: "rsync --server -r . /incoming"
scponly[1596]: Using getopt processing for cmd /usr/bin/rsync
(username: scponly-patched(1002), IP/port: ::1 38334 22)
scponly[1596]: getopt processing returned '?' (username: scponly-patched(1002),
IP/port: ::1 38334 22)
scponly[1596]: getopt processing returned '?' (username: scponly-patched(1002),
IP/port: ::1 38334 22)
scponly[1596]: Found "HOME" and setting it to "/home/scponly-patched"
scponly[1596]: Environment contains "HOME=/home/scponly-patched"
scponly[1596]: Looking for 'HOME=' in 'HOME=/home/scponly-patched'
scponly[1596]: 'HOME' env entry now reads 'HOME=/home/scponly-patched'
scponly[1596]: set non-chrooted HOME environment variable to
/home/scponly-patched (username: scponly-patched(1002), IP/port: ::1 38334 22)
scponly[1596]: running: /usr/bin/rsync --server -r . /incoming (username:
scponly-patched(1002), IP/port: ::1 38334 22)
scponly[1596]: about to exec "/usr/bin/rsync" (username: scponly-patched(1002),
IP/port: ::1 38334 22)

Verbose server auth.log output:
Nov 2 09:32:58 ubuntu sshd[1580]: Accepted password for scponly-patched from
::1 port 38334 ssh2
Nov 2 09:32:58 ubuntu sshd[1580]: pam_unix(sshd:session): session opened for
user scponly-patched by (uid=0)
Nov 2 09:32:58 ubuntu scponly[1596]: chrooted binary in place, will chroot()
Nov 2 09:32:58 ubuntu scponly[1596]: 3 arguments in total.
Nov 2 09:32:58 ubuntu scponly[1596]: #011arg 0 is scponlyc
Nov 2 09:32:58 ubuntu scponly[1596]: #011arg 1 is -c
Nov 2 09:32:58 ubuntu scponly[1596]: #011arg 2 is rsync --server -r . /incoming
Nov 2 09:32:58 ubuntu scponly[1596]: opened log at LOG_AUTHPRIV, opts
0x0029
Nov 2 09:32:58 ubuntu scponly[1596]: determined USER is "scponly-patched" from
environment
Nov 2 09:32:58 ubuntu scponly[1596]: retrieved home directory of
"/home/scponly-patched" for user "scponly-patched"
Nov 2 09:32:58 ubuntu scponly[1596]: chrooting to dir: "/home/scponly-patched"
Nov 2 09:32:58 ubuntu scponly[1596]: chdiring to dir: "/"
Nov 2 09:32:58 ubuntu scponly[1596]: setting uid to 1002
Nov 2 09:32:58 ubuntu scponly[1596]: processing request: "rsync --server -r .
/incoming"
Nov 2 09:32:58 ubuntu scponly[1596]: Using getopt processing for cmd
/usr/bin/rsync#012 (username: scponly-patched(1002), IP/port: ::1 38334 22)
Nov 2 09:32:58 ubuntu scponly[1596]: getopt processing returned '?' (username:
scponly-patched(1002), IP/port: ::1 38334 22)
Nov 2 09:32:58 ubuntu scponly[1596]: getopt processing returned '?' (username:
scponly-patched(1002), IP/port: ::1 38334 22)
Nov 2 09:32:58 ubuntu scponly[1596]: Found "HOME" and setting it to
"/home/scponly-patched"
Nov 2 09:32:58 ubuntu scponly[1596]: Environment contains
"HOME=/home/scponly-patched"
Nov 2 09:32:58 ubuntu scponly[1596]: Looking for 'HOME=' in
'HOME=/home/scponly-patched'
Nov 2 09:32:58 ubuntu scponly[1596]: 'HOME' env entry now reads
'HOME=/home/scponly-patched'
Nov 2 09:32:58 ubuntu scponly[1596]: set non-chrooted HOME environment
variable to /home/scponly-patched (username: scponly-patched(1002), IP/port:
::1 38334 22)
Nov 2 09:32:58 ubuntu scponly[1596]: running: /usr/bin/rsync --server -r .
/incoming (username: scponly-patched(1002), IP/port: ::1 38334 22)
Nov 2 09:32:58 ubuntu scponly[1596]: about to exec "/usr/bin/rsync" (username:
scponly-patched(1002), IP/port: ::1 38334 22)
Nov 2 09:32:58 ubuntu sshd[1595]: Received disconnect from ::1: 11:
disconnected by user
Nov 2 09:32:58 ubuntu sshd[1580]: pam_unix(sshd:session): session closed for
user scponly-patched

This may be a potential workaround.

The last release of an rsync with version 29 protocol was 4 years ago:
http://rsync.samba.org/ftp/rsync/src/rsync-2.6.9-NEWS
And version 30 was introduced here:
http://rsync.samba.org/ftp/rsync/src/rsync-3.0.0-NEWS
There may be some features added or bugs addressed since version 29 that
may make this impractical.

** Bug watch added: Debian Bug tracker #57662