From: Jonathan Walther
Newsgroups: gmane.comp.version-control.arch.user,gmane.emacs.devel
Subject: Re: possible fix for sftp on Savannah; please try
Date: Mon, 13 Oct 2003 15:41:38 -0700
Message-ID: <20031013224138.GA21254@reactor-core.org>
References: <20031006112435.GA11164@reactor-core.org> <20031006193845.GA20395@reactor-core.org>
To: Mathieu Roy
Cc: gnu-arch-users@gnu.org, savannah-hackers@gnu.org, xouvert-general@nongnu.org, emacs-devel@gnu.org

On Mon, Oct 06, 2003 at 10:38:37PM +0200, Mathieu Roy wrote:
>> The errors always mention premature EOF on file descriptor 4.
>>
>> If you could install chroot-sftp.c, that would be a tremendous help in
>> tracking down the problem.
>
>Firstly, I would like to know why the current thing does not work for you
>while it works for me and while I was told by several other persons,
>including arch users, that it works ok. When did you last test it?

I finally got a regular Savannah user account, and talked to other
regular Savannah users, and unless they use ssh protocol 1, which you
CANNOT chroot, they also are not able to sftp into Savannah. If you
want only chrooted sftp you have to disable ssh protocol 1 entirely.

The shell closes all file descriptors except 0, 1, and 2 before passing
them on to programs. The sftp server expects to be invoked by sshd, not
by a shell script, and so it is waiting for incoming data on file
descriptor 4.

For this reason I have to request you to do the following on Savannah:

    cd ~djw
    make chroot-sftp
    cp chroot-sftp /usr/local/bin

Then in /etc/ssh/sshd_config, make sure the sftp subsystem is set like
so:

    Subsystem sftp /usr/local/bin/chroot-sftp

Restart sshd and let us know so we can test it. Good luck.

Jonathan

PS: Just so you can look over the source code of chroot-sftp.c, here it
is.

/* chroot-sftp.c    krooger@debian.org    Sat Oct 11 21:55:36 EDT 2003
 *
 * Allows chrooted sftp access for Savannah projects.
 *
 * Ensures that all file descriptors opened by the ssh session, such as
 * 4 and up, are passed to the sftp-server program.
 */

#include <stdio.h>
#include <unistd.h>

int main(int argc, char** argv)
{
        /* Enter the jail and move the working directory inside it;
         * refuse to start sftp-server if either step fails. */
        if (chroot("/upload") != 0 || chdir("/") != 0) {
                perror("chroot-sftp");
                return 1;
        }

        /* Exec directly, without a shell, so inherited descriptors stay open. */
        execl("/usr/lib/sftp-server", "/usr/lib/sftp-server", (char *)NULL);
        perror("execl");        /* reached only if the exec failed */
        return 1;
}

/*
 * arch-tag: savannah:/home/djw/chroot-sftp.c
 */

-- 
                     It's not true unless it makes you laugh,
             but you don't understand it until it makes you weep.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Geek House Productions, Ltd.
Providing Unix & Internet Contracting and Consulting,
QA Testing, Technical Documentation, Systems Design & Implementation,
General Programming, E-commerce, Web & Mail Services since 1998

Phone:   604-435-1205
Email:   djw@reactor-core.org
Webpage: http://reactor-core.org
Address: 13685 Hilton Road, Surrey, BC
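
Added example, not part of the original message or of chroot-sftp.c: the wrapper in the message exists so that every descriptor the ssh session opened (4 and up) reaches sftp-server, so this C program classifies what would actually cross the exec and flags directory descriptors separately. The function names and the FDC_ constants are assumptions made for this example.

```c
/* Added example: classify the descriptors a wrapper would pass across exec. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical names for this example. */
enum fd_class { FDC_CLOSED, FDC_NOT_INHERITED, FDC_INHERITED, FDC_INHERITED_DIR };

/* Classify one descriptor as the exec'd program would receive it. */
enum fd_class classify_fd(int fd)
{
	struct stat st;
	int flags = fcntl(fd, F_GETFD);

	if (flags == -1)
		return FDC_CLOSED;          /* not open in this process */
	if (flags & FD_CLOEXEC)
		return FDC_NOT_INHERITED;   /* kernel closes it at exec */
	if (fstat(fd, &st) == 0 && S_ISDIR(st.st_mode))
		return FDC_INHERITED_DIR;   /* directory handle survives chroot() */
	return FDC_INHERITED;
}

/* Count descriptors in [first, limit) that survive exec; *dirs receives
 * how many of those are directories opened before the chroot. */
int audit_fds(int first, int limit, int *dirs)
{
	int fd, inherited = 0;

	*dirs = 0;
	for (fd = first; fd < limit; fd++) {
		enum fd_class c = classify_fd(fd);

		if (c == FDC_INHERITED || c == FDC_INHERITED_DIR)
			inherited++;
		if (c == FDC_INHERITED_DIR)
			(*dirs)++;
	}
	return inherited;
}

int main(void)
{
	int dirs;
	int n = audit_fds(3, 256, &dirs);   /* 0-2 are stdin/stdout/stderr */

	printf("%d descriptor(s) above 2 would be inherited, %d directory\n", n, dirs);
	return dirs ? 1 : 0;
}
```

A directory descriptor that survives the exec still refers to a directory outside /upload after chroot(), so a wrapper should close, or mark close-on-exec, any descriptor the jailed program does not need.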