'chroot works for one ID but not another.'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       rssh-discuss
Subject:    chroot works for one ID but not another.
From:       William Kwan <potatok () yahoo ! com>
Date:       2013-11-02 10:52:48
Message-ID: 1383389568.35370.YahooMailNeo () web164905 ! mail ! bf1 ! yahoo ! com
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]


Hi all,

I'm running a test setup on CentOS 6.4 with rssh 2.3.3-2

What I try to archive is setting up two scp/sftp account with separated filesystems \
and chroot environment.  (Let me know there's another way to isolated what two ID can \
see) I setup ID ftp1 successfully an login as expected.  
Then clone ftp1 to ftp2. however it is just not working with chroot.  Any suggestion?

/etc/passwd:
ftp1:x:1026:999::/chroot/ftp1/ftp1:/usr/bin/rssh
ftp2:x:1027:999::/chroot/ftp2/ftp2:/usr/bin/rssh

/etc/rssh.conf
logfacility = LOG_USER
allowscp

allowsftp
umask = 022

user=ftp1:022:00011:/chroot/ftp1

user=ftp2:022:00011:/chroot/ftp2

Filesystems:
# pwd
/chroot
# ls -l
drwx------ 10 ftp1   fmguest 4096 Nov  2 05:34 ftp1

drwx------ 11 ftp2   fmguest 4096 Nov  2 05:31 ftp2


For ftp1
==========
# cat /chroot/ftp1/etc/passwd
ftp1:x:1026:999::/ftp1:/usr/bin/rssh

For ftp2
==========
# cat /chroot/ftp2/etc/passwd
ftp2:x:1027:999::/ftp2:/usr/bin/rssh


Test
=========
# sftp ftp1@testhost
Connecting to testhost..
ftp1@testhost's password:
sftp> pwd
Remote working directory: /ftp1
sftp> exit

# sftp ftp2@testhost
Connecting to testhost...
ftp2@testhost's password:
Connection closed


[Attachment #5 (text/html)]

<html><body><div style="color:#000; background-color:#fff; font-family:times new \
roman, new york, times, serif;font-size:12pt"><div style="font-size: 12pt;">Hi \
all,</div><div style="font-size: 12pt;"><br></div><div style="background-color: \
transparent;">I'm running a test setup on CentOS 6.4 with rssh 2.3.3-2</div><div \
style="background-color: transparent;"><br></div><div style="background-color: \
transparent;">What I try to archive is setting up two scp/sftp account with separated \
filesystems and chroot environment. &nbsp;(Let me know there's another way to \
isolated what two ID can see)</div><div style="background-color: transparent;">I \
setup ID ftp1 successfully an login as expected. &nbsp;</div><div \
style="background-color: transparent;">Then clone ftp1 to ftp2. however it is just \
not working with chroot. &nbsp;Any suggestion?</div><div style="background-color: \
transparent;"><br></div><div style="background-color: \
transparent;">/etc/passwd:</div><div  style="background-color: transparent;"><font \
face="times new roman, new york, times, \
serif">ftp1:x:1026:999::/chroot/ftp1/ftp1:/usr/bin/rssh</font></div><div \
style="background-color: transparent;"><font face="times new roman, new york, times, \
serif">ftp2:x:1027:999::/chroot/ftp2/ftp2:/usr/bin/rssh</font></div><div \
style="font-size: 12pt;"><br></div><div style="font-size: \
12pt;">/etc/rssh.conf</div><div><div><font face="times new roman, new york, times, \
serif">logfacility = LOG_USER</font></div><div>allowscp<br></div><div><font \
face="times new roman, new york, times, serif">allowsftp</font></div><div>umask = \
022<br></div><div>user=ftp1:022:00011:/chroot/ftp1<br></div><div><font face="times \
new roman, new york, times, serif">user=ftp2:022:00011:/chroot/ftp2</font></div><div \
style="font-size: 12pt;"><br></div><div style="font-size: \
12pt;">Filesystems:</div><div><div><font face="times new roman, new york, times, \
serif"># pwd</font></div><div><font  face="times new roman, new york, times, \
serif">/chroot</font></div><div><font face="times new roman, new york, times, \
serif"># ls -l</font></div><div>drwx------ 10 ftp1 &nbsp; fmguest 4096 Nov &nbsp;2 \
05:34 ftp1<br></div><div><font face="times new roman, new york, times, \
serif">drwx------ 11 ftp2 &nbsp; fmguest 4096 Nov &nbsp;2 05:31 \
ftp2</font></div><div><br></div><div><br></div><div>For \
ftp1</div><div><div>==========</div><div># cat \
/chroot/ftp1/etc/passwd</div><div>ftp1:x:1026:999::/ftp1:/usr/bin/rssh</div><div><br></div></div><div>For \
ftp2</div><div>==========</div><div><div># cat \
/chroot/ftp2/etc/passwd</div><div>ftp2:x:1027:999::/ftp2:/usr/bin/rssh<br></div><div><br></div><div>Test</div><div>=========</div><div><div># \
sftp ftp1@testhost</div><div>Connecting to testhost..</div><div>ftp1@testhost's \
password:</div><div>sftp&gt; pwd</div><div>Remote working directory: \
/ftp1</div><div>sftp&gt; exit</div><div><br></div><div># sftp  \
ftp2@testhost</div><div>Connecting to testhost...</div><div>ftp2@testhost's \
password:</div><div>Connection \
closed</div><div><br></div></div></div></div></div></div></body></html>



------------------------------------------------------------------------------
Android is increasing in popularity, but the open development platform that
developers love is also attractive to malware creators. Download this white
paper to learn more about secure code signing practices that can help keep
Android apps secure.
http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk

_______________________________________________
rssh-discuss mailing list
rssh-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rssh-discuss


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic