Thread: rssh 2.2
Brought to you by:
xystrus
From: Yves M. <yve...@el...> - 2004-06-03 09:33:12
|
Hello, I get the 2.2 version because I'm looking for a 'cvs' support in a secured shell. I find it strange that 2.2 version has no official home page with download, FAQ and docs. Why ? Is it a fork ? Except that details, I was able to create my chroot jail (manually) and use cvs - with that trouble: In commit, cvs used "uid753" instead of "testcvs". I does not look good in cvs log. Same issue, scp refuse to work: unknown user 753 I have correctly copied /etc/nsswitch.conf, passwd and group in my jail - BUT libnss_files lacks and it is impossible to find out except with a strace chroot /myjail getent passwd testcvs run as root. That library is not refered by ldd ! So take care. I found a bug when reading the mkchroot.sh script: replace /usr/bin/scp by $prog in ldd command: for prog in $scp_path $sftp_server_path $rssh_path $chroot_helper_path; do echo "Copying libraries for $prog." libs=`ldd /usr/bin/scp | tr -s ' ' | cut -d' ' -f3` Another point: if I do ./configure --with-scp /bin/scp --with-cvs /bin/cvs I expect the code to use that paths and not autodetected /usr/bin/scp and /usr/bin/cvs from my PATH instead of my options. Thank you for your job on that must-have tool ! -- Yves Martin |
From: Derek M. <co...@pi...> - 2004-06-04 01:28:34
|
On Thu, Jun 03, 2004 at 11:32:57AM +0200, Yves Martin wrote: > > Hello, > > I get the 2.2 version because I'm looking for a 'cvs' support in a > secured shell. I find it strange that 2.2 version has no official > home page with download, FAQ and docs. Why ? Is it a fork ? No... It's because a) I'm lazy, and b) it has a bug which I've fixed and now I need to release an update. So I never bothered to update the website, etc. I'll release 2.2.1 this weekend, I guess. > Except that details, I was able to create my chroot jail (manually) > and use cvs - with that trouble: > > In commit, cvs used "uid753" instead of "testcvs". I does not look > good in cvs log. > Same issue, scp refuse to work: unknown user 753 > > I have correctly copied /etc/nsswitch.conf, passwd and group in my > jail - BUT libnss_files lacks and it is impossible to find out except > with a > strace chroot /myjail getent passwd testcvs > run as root. That library is not refered by ldd ! So take care. If I understand you correctly, the problem was you didn't copy libnss_files.* to your jail. You're right that ldd won't show this library. However the CHROOT file specifically mentions this issue... mkchroot.sh also warns about it. > I found a bug when reading the mkchroot.sh script: > replace /usr/bin/scp by $prog in ldd command: > > for prog in $scp_path $sftp_server_path $rssh_path $chroot_helper_path; do > echo "Copying libraries for $prog." > libs=`ldd /usr/bin/scp | tr -s ' ' | cut -d' ' -f3` Thanks, fixed. :) > Another point: if I do > ./configure --with-scp /bin/scp --with-cvs /bin/cvs > I expect the code to use that paths and not autodetected /usr/bin/scp > and /usr/bin/cvs from my PATH instead of my options. It would, if you did it correctly. You need to use the equal sign: --with-scp=/bin/scp > Thank you for your job on that must-have tool ! You're welcome! :) -- Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0x81CFE75D |
From: Yves M. <yve...@el...> - 2004-06-04 06:57:12
|
Derek Martin <co...@pi...> writes: > I'll release 2.2.1 this weekend, I guess. Let us know. What kind of bug ? Is it critical ? > If I understand you correctly, the problem was you didn't copy > libnss_files.* to your jail. You're right that ldd won't show this > library. However the CHROOT file specifically mentions this issue... > mkchroot.sh also warns about it. Shame on me. But it does not matter, I have learned something new by my own. > It would, if you did it correctly. You need to use the equal sign: > --with-scp=/bin/scp Argh ! I'm addicted to Perl Getopt::Long package... Thanks again -- Yves Martin |