solaris chroot setups?
Brought to you by:
xystrus
From: Shapiro, D. <dav...@bt...> - 2003-05-12 16:14:21
|
Anybody have the steps involved with setting up a chroot setup for rssh on solaris? I did the following so far: In /usr/local/etc/rssh.conf I set the chrootpath=/u02/ftp In /u02/ftp, I created: cmg # user etc # for password dev # created to make logging work, but not sure how to get his working in solaris var # same things for logging lib # to put libraries usr/local/bin # for the executables usr/local/libexec # for sftp-server usr/platform/SUNW,Ultra-4/lib # was a library listed as used by the executables I ran ldd on scp, sftp-server, and rssh_chroot_helper rssh_chroot_helper: libc.so.1 => /usr/lib/libc.so.1 libdl.so.1 => /usr/lib/libdl.so.1 /usr/platform/SUNW,Ultra-4/lib/libc_psr.so.1 scp: librt.so.1 => /usr/lib/librt.so.1 libsocket.so.1 => /usr/lib/libsocket.so.1 libnsl.so.1 => /usr/lib/libnsl.so.1 libc.so.1 => /usr/lib/libc.so.1 libaio.so.1 => /usr/lib/libaio.so.1 libdl.so.1 => /usr/lib/libdl.so.1 libmp.so.2 => /usr/lib/libmp.so.2 /usr/platform/SUNW,Ultra-4/lib/libc_psr.so.1 sftp-server: librt.so.1 => /usr/lib/librt.so.1 libsocket.so.1 => /usr/lib/libsocket.so.1 libnsl.so.1 => /usr/lib/libnsl.so.1 libc.so.1 => /usr/lib/libc.so.1 libaio.so.1 => /usr/lib/libaio.so.1 libdl.so.1 => /usr/lib/libdl.so.1 libmp.so.2 => /usr/lib/libmp.so.2 /usr/platform/SUNW,Ultra-4/lib/libc_psr.so.1 I copied these libraries to /u02/ftp/lib and /u02/ftp/usr/platform/SUNW,Ultra-4/lib I copied /etc/passwd to /u02/ftp/etc The user of interest line looks something like the following: cmg:x:2099:14:CMG:/u02/ftp/cmg:/usr/local/bin/rssh I am not sure what to do about logging and chroot for solaris or what I need for the dynamic linker (is this needed for solaris?) If I do not use chrootpath, the login works fine and it denies ssh type logins. If I enable th chrootpath option in /usr/local/etc/rssh.conf, it drops the connection immediately. I am not sure if this is a fair test, but running rssh_chroot_helper alone with no options causes a segmentation fault. David |