Public bug reported:
Binary package hint: scponly
Binary package hint: scponly-full
The package scponly-full that allows chrooted scponly access prevents
rsync from being used to transfer files, due to the presence of a "-e"
option.
Versions
$ lsb_release -rd
Description: Ubuntu 10.04.1 LTS
Release: 10.04
$ apt-cache policy scponly-full
scponly-full:
Installed: 4.8-4
Candidate: 4.8-4
Version table:
*** 4.8-4 0
500 http://archive.ubuntu.com/ubuntu/ lucid/universe Packages
100 /var/lib/dpkg/status
da...@ubuntu:~$ apt-cache policy rsync
rsync:
Installed: 3.0.7-1ubuntu1
Candidate: 3.0.7-1ubuntu1
Version table:
*** 3.0.7-1ubuntu1 0
500 http://us.archive.ubuntu.com/ubuntu/ lucid/main Packages
100 /var/lib/dpkg/status
Steps To Reproduce
Install a clean VM of Lucid server, patch, install the latest scponly-full and
then create a test scponly user. Unfortunately there is a bug in the
current Lucid scponly-full package that prevents this from working out
of the box, so I had to follow the process and workaround documented in
bug 668366:
https://bugs.launchpad.net/ubuntu/+source/scponly/+bug/668366
Once scponly-full is working correctly, create some test content and try
copying the data to the scponly user's incoming directory:
cd ~
mkdir dir1
echo hello > dir1/file1
rsync -rvvvvvvvvv dir1 scponly-patc...@localhost:/incoming
Client output:
rsync -rvvvvvvvvv dir1 scponly-patc...@localhost:/incoming
FILE_STRUCT_LEN=24, EXTRA_LEN=4
cmd=<NULL> machine=localhost user=scponly-patched path=/incoming
cmd[0]=ssh cmd[1]=-l cmd[2]=scponly-patched cmd[3]=localhost cmd[4]=rsync
cmd[5]=--server cmd[6]=-vvvvvvvvvre.iLsf cmd[7]=. cmd[8]=/incoming
opening connection using: ssh -l scponly-patched localhost rsync --server
-vvvvvvvvvre.iLsf . /incoming
note: iconv_open("UTF-8", "UTF-8") succeeded.
Tailing server auth.log shows:
Nov 2 09:24:59 ubuntu sshd[1427]: Accepted password for scponly-patched from
::1 port 36359 ssh2
Nov 2 09:24:59 ubuntu sshd[1427]: pam_unix(sshd:session): session opened for
user scponly-patched by (uid=0)
Nov 2 09:24:59 ubuntu scponly[1443]: option 'e' or a related long option is
not permitted for use with /usr/bin/rsync (arg was .iLsf) (username:
scponly-patched(1002), IP/port: ::1 36359 22))
Nov 2 09:24:59 ubuntu scponly[1443]: requested command (/usr/bin/rsync
--server -vvvvvvvvvre.iLsf . /incoming) tried to use disallowed argument
(username: scponly-patched(1002), IP/port: ::1 36359 22))
Nov 2 09:24:59 ubuntu sshd[1442]: Received disconnect from ::1: 11:
disconnected by user
Nov 2 09:24:59 ubuntu sshd[1427]: pam_unix(sshd:session): session closed for
user scponly-patched
Enable more verbose debugging on the server:
echo 2 > /etc/scponly/debuglevel
Verbose client output:
da...@ubuntu:~$ rsync -rvvvvvvvvv dir1 scponly-patc...@localhost:/incoming
FILE_STRUCT_LEN=24, EXTRA_LEN=4
cmd=<NULL> machine=localhost user=scponly-patched path=/incoming
cmd[0]=ssh cmd[1]=-l cmd[2]=scponly-patched cmd[3]=localhost cmd[4]=rsync
cmd[5]=--server cmd[6]=-vvvvvvvvvre.iLsf cmd[7]=. cmd[8]=/incoming
opening connection using: ssh -l scponly-patched localhost rsync --server
-vvvvvvvvvre.iLsf . /incoming
note: iconv_open("UTF-8", "UTF-8") succeeded.
scponly-patc...@localhost's password:
scponly[1516]: chrooted binary in place, will chroot()
scponly[1516]: 3 arguments in total.
scponly[1516]: arg 0 is scponlyc
scponly[1516]: arg 1 is -c
scponly[1516]: arg 2 is rsync --server -vvvvvvvvvre.iLsf . /incoming
scponly[1516]: opened log at LOG_AUTHPRIV, opts 0x00000029
scponly[1516]: determined USER is "scponly-patched" from environment
scponly[1516]: retrieved home directory of "/home/scponly-patched" for user
"scponly-patched"
scponly[1516]: chrooting to dir: "/home/scponly-patched"
scponly[1516]: chdiring to dir: "/"
scponly[1516]: setting uid to 1002
scponly[1516]: processing request: "rsync --server -vvvvvvvvvre.iLsf .
/incoming"
scponly[1516]: Using getopt processing for cmd /usr/bin/rsync
(username: scponly-patched(1002), IP/port: ::1 36361 22)
scponly[1516]: getopt processing returned '?' (username: scponly-patched(1002),
IP/port: ::1 36361 22)
scponly[1516]: getopt processing returned '?' (username: scponly-patched(1002),
IP/port: ::1 36361 22)
scponly[1516]: getopt processing returned '?' (username: scponly-patched(1002),
IP/port: ::1 36361 22)
scponly[1516]: getopt processing returned '?' (username: scponly-patched(1002),
IP/port: ::1 36361 22)
scponly[1516]: getopt processing returned '?' (username: scponly-patched(1002),
IP/port: ::1 36361 22)
scponly[1516]: getopt processing returned '?' (username: scponly-patched(1002),
IP/port: ::1 36361 22)
scponly[1516]: getopt processing returned '?' (username: scponly-patched(1002),
IP/port: ::1 36361 22)
scponly[1516]: getopt processing returned '?' (username: scponly-patched(1002),
IP/port: ::1 36361 22)
scponly[1516]: getopt processing returned '?' (username: scponly-patched(1002),
IP/port: ::1 36361 22)
scponly[1516]: getopt processing returned '?' (username: scponly-patched(1002),
IP/port: ::1 36361 22)
scponly[1516]: getopt processing returned '?' (username: scponly-patched(1002),
IP/port: ::1 36361 22)
scponly[1516]: getopt processing returned 'e' (username: scponly-patched(1002),
IP/port: ::1 36361 22)
scponly[1516]: option 'e' or a related long option is not permitted for use
with /usr/bin/rsync (arg was .iLsf) (username: scponly-patched(1002), IP/port:
::1 36361 22))
scponly[1516]: requested command (/usr/bin/rsync --server -vvvvvvvvvre.iLsf .
/incoming) tried to use disallowed argument (username: scponly-patched(1002),
IP/port: ::1 36361 22))
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
[sender] _exit_cleanup(code=12, file=io.c, line=601): entered
rsync error: error in rsync protocol data stream (code 12) at io.c(601)
[sender=3.0.7]
[sender] _exit_cleanup(code=12, file=io.c, line=601): about to call exit(12)
Tailing verbose server auth.log shows:
Nov 2 09:26:40 ubuntu sshd[1500]: Accepted password for scponly-patched from
::1 port 36361 ssh2
Nov 2 09:26:40 ubuntu sshd[1500]: pam_unix(sshd:session): session opened for
user scponly-patched by (uid=0)
Nov 2 09:26:40 ubuntu scponly[1516]: chrooted binary in place, will chroot()
Nov 2 09:26:40 ubuntu scponly[1516]: 3 arguments in total.
Nov 2 09:26:40 ubuntu scponly[1516]: #011arg 0 is scponlyc
Nov 2 09:26:40 ubuntu scponly[1516]: #011arg 1 is -c
Nov 2 09:26:40 ubuntu scponly[1516]: #011arg 2 is rsync --server
-vvvvvvvvvre.iLsf . /incoming
Nov 2 09:26:40 ubuntu scponly[1516]: opened log at LOG_AUTHPRIV, opts
0x00000029
Nov 2 09:26:40 ubuntu scponly[1516]: determined USER is "scponly-patched" from
environment
Nov 2 09:26:40 ubuntu scponly[1516]: retrieved home directory of
"/home/scponly-patched" for user "scponly-patched"
Nov 2 09:26:40 ubuntu scponly[1516]: chrooting to dir: "/home/scponly-patched"
Nov 2 09:26:40 ubuntu scponly[1516]: chdiring to dir: "/"
Nov 2 09:26:40 ubuntu scponly[1516]: setting uid to 1002
Nov 2 09:26:40 ubuntu scponly[1516]: processing request: "rsync --server
-vvvvvvvvvre.iLsf . /incoming"
Nov 2 09:26:40 ubuntu scponly[1516]: Using getopt processing for cmd
/usr/bin/rsync#012 (username: scponly-patched(1002), IP/port: ::1 36361 22)
Nov 2 09:26:40 ubuntu scponly[1516]: getopt processing returned '?' (username:
scponly-patched(1002), IP/port: ::1 36361 22)
Nov 2 09:26:40 ubuntu scponly[1516]: last message repeated 10 times
Nov 2 09:26:40 ubuntu scponly[1516]: getopt processing returned 'e' (username:
scponly-patched(1002), IP/port: ::1 36361 22)
Nov 2 09:26:40 ubuntu scponly[1516]: option 'e' or a related long option is
not permitted for use with /usr/bin/rsync (arg was .iLsf) (username:
scponly-patched(1002), IP/port: ::1 36361 22))
Nov 2 09:26:40 ubuntu scponly[1516]: requested command (/usr/bin/rsync
--server -vvvvvvvvvre.iLsf . /incoming) tried to use disallowed argument
(username: scponly-patched(1002), IP/port: ::1 36361 22))
Nov 2 09:26:40 ubuntu sshd[1515]: Received disconnect from ::1: 11:
disconnected by user
Nov 2 09:26:40 ubuntu sshd[1500]: pam_unix(sshd:session): session closed for
user scponly-patched
It appears that the current versions of scponly-full and rsync are not
mutually compatible as shipped today (in addition to having broken
chrooting due to bug 668366).
** Affects: scponly (Ubuntu)
Importance: Undecided
Status: New
--
Scponly-full preventing rsync due to "-e" option
https://bugs.launchpad.net/bugs/670015
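
An added example, not code from scponly or from the report: it replays the request from the log through a getopt pass that knows only "e:" and shows why the short-option cluster ends in an 'e' whose argument is ".iLsf". The E_COMPAT_FLAGS policy is a hypothetical narrower check, assuming rsync 3.x in --server mode uses -e to carry compatibility flags that begin with '.'; all names and the second request are constructed for illustration.

```c
#include <ctype.h>
#include <getopt.h>
#include <stdio.h>
#include <string.h>

enum verdict { NO_E, E_COMPAT_FLAGS, E_REJECTED };
struct scan { int unknown; const char *e_arg; enum verdict verdict; };

/* One getopt pass with 'e' (taking an argument) as the only known option.
 * Every other option, short or long, comes back as '?'. */
static struct scan scan_request(int argc, char **argv)
{
    static const struct option no_longopts[] = { {0, 0, 0, 0} };
    struct scan r = { 0, NULL, NO_E };
    /* Read argv[1] first: GNU getopt may reorder argv while scanning. */
    int server = argc > 1 && strcmp(argv[1], "--server") == 0;
    int ch;

    optind = 0;  /* full rescan on glibc and musl */
    opterr = 0;  /* no messages on stderr for unknown options */
    while ((ch = getopt_long(argc, argv, "e:", no_longopts, NULL)) != -1) {
        if (ch == 'e')
            r.e_arg = optarg;  /* rest of the cluster, or the next word */
        else
            r.unknown++;
    }
    if (r.e_arg) {
        /* Hypothetical policy: in --server mode accept only '.' + letters. */
        const char *p = r.e_arg;
        int ok = server && *p++ == '.';
        while (ok && *p)
            ok = isalpha((unsigned char)*p++) != 0;
        r.verdict = ok ? E_COMPAT_FLAGS : E_REJECTED;
    }
    return r;
}

/* Request from the report's log, and a constructed one with a real -e value. */
static char *from_log[] = { "rsync", "--server", "-vvvvvvvvvre.iLsf", ".", "/incoming", NULL };
static char *constructed[] = { "rsync", "-e", "ssh", "dir1", "/incoming", NULL };

int main(void)
{
    struct scan a = scan_request(5, from_log), b = scan_request(5, constructed);
    printf("log request: %d x '?', e arg \"%s\", verdict %d\n", a.unknown, a.e_arg, a.verdict);
    printf("constructed: %d x '?', e arg \"%s\", verdict %d\n", b.unknown, b.e_arg, b.verdict);
    return 0;
}
```

For the logged request the pass returns '?' eleven times and then 'e', the same sequence as the debuglevel 2 output above.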