I am back from the farm now, and have turned my thoughts to the problems of chrooting sftp.
You have the following in /usr/local/bin/cvssh:
    'X'*'sftp-server'*)
        # Actually run it.
        valid=yes
        /usr/sbin/chroot /upload /usr/lib/sftp-server
        ;;
I suggest you replace the chroot line with the following:
exec /usr/local/bin/chroot-sftp
You will find chroot-sftp.c in ~djw; you can "make chroot-sftp" to make the binary, then copy it to /usr/local/bin.
I notice that when sftp aborts the connection, it says something about "file descriptor 4". When the shell invokes chroot, it is not tying its file descriptor 4 to that of the chroot process. By using "exec", this should work.
In case you are interested, here is the source for chroot-sftp.c:
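-------- chroot-sftp.c ---------
#include <stdio.h>
#include <unistd.h>
int
main(int argc, char** argv)
{
    /* chdir("/") keeps the working directory inside the jail. */
    if (chroot("/upload") != 0 || chdir("/") != 0) {
        perror("chroot /upload");
        return 1;   /* never start sftp-server outside the jail */
    }
    execl("/usr/lib/sftp-server", "/usr/lib/sftp-server", (char *)NULL);
    perror("execl");   /* reached only if exec failed */
    return 1;
}
-------- chroot-sftp.c ---------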
If this doesn't fix sftp, then we need to try the following:
In /etc/ssh/sshd_config, change the line that reads:
Subsystem sftp /usr/local/bin/cvssh
To read:
Subsystem sftp /usr/local/bin/chroot-sftp
Please let me know how this works; I know you are busy, and if I can do anything at all to help you try this out faster, please let me know.
Sincerely,
Jonathan Walther
Xouvert Project Coordinator
--
It's not true unless it makes you laugh, but you don't understand it until it makes you weep.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Geek House Productions, Ltd.
Providing Unix & Internet Contracting and Consulting, QA Testing, Technical Documentation, Systems Design & Implementation, General Programming, E-commerce, Web & Mail Services since 1998
Phone: 604-435-1205 Email: [EMAIL PROTECTED] Webpage: http://reactor-core.org Address: 2459 E 41st Ave, Vancouver, BC V5R2W2
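
Added example (not part of the original message and not the project's own code): a fail-closed variant of the chroot-sftp wrapper that refuses to exec if the jail cannot be entered and gives up root before starting sftp-server. It assumes the binary is installed setuid root, which the message does not state; the helper names enter_jail and drop_privileges are chosen here for illustration.

```c
/* Added example, not the original chroot-sftp.c. Assumption: the binary
 * is installed setuid root so an ordinary sshd session can call chroot(). */
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <unistd.h>

#define JAIL   "/upload"               /* jail path from the message */
#define SERVER "/usr/lib/sftp-server"  /* resolved inside the jail */

/* Enter the jail; return 0 on success, -1 if any step fails. */
int enter_jail(const char *dir)
{
    if (chroot(dir) != 0)
        return -1;
    /* Without this the working directory still points outside the jail. */
    if (chdir("/") != 0)
        return -1;
    return 0;
}

/* Permanently give up root: group first, then user, then verify. */
int drop_privileges(void)
{
    uid_t uid = getuid();
    if (setgid(getgid()) != 0 || setuid(uid) != 0)
        return -1;
    /* A non-root caller must not be able to get root back. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

int main(void)
{
    if (enter_jail(JAIL) != 0) {
        perror("chroot-sftp: " JAIL);
        return 1;                     /* fail closed: never exec unjailed */
    }
    if (drop_privileges() != 0) {
        perror("chroot-sftp: drop privileges");
        return 1;
    }
    execl(SERVER, SERVER, (char *)NULL);
    perror("chroot-sftp: " SERVER);   /* reached only if exec failed */
    return 1;
}
```

A process that keeps euid 0 inside a chroot can leave it again, which is why the drop happens after chroot() and before exec.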
