![[PukiWiki]](image/pukiwiki.png "[PukiWiki]")
2007-10-12 (金) 16:03:36
# cd /usr/ports/shells/scponly # make install
===> Installing for scponly-4.6_3
===> scponly-4.6_3 depends on executable: rsync - found
===> Generating temporary packing list
===> Checking if shells/scponly already installed
echo "0" > debuglevel
/usr/bin/install -c -o root -g wheel -d /usr/local/bin
/usr/bin/install -c -o root -g wheel -d /usr/local/man/man8
/usr/bin/install -c -o root -g wheel -d /usr/local/etc/scponly
/usr/bin/install -c -o root -g wheel -o 0 -g 0 scponly /usr/local/bin/scponly
/usr/bin/install -c -o root -g wheel -o 0 -g 0 -m 0644
scponly.8 /usr/local/man/man8/scponly.8
/usr/bin/install -c -o root -g wheel -o 0 -g 0 -m 0644
debuglevel /usr/local/etc/scponly/debuglevel
if test "xscponlyc" != "x"; then
/usr/bin/install -c - o root -g wheel
-d /usr/local/sbin;
rm - f /usr/local/sbin/scponlyc;
cp scponly scponlyc;
/usr/bin/install -c -o root -g wheel -o 0 -g 0 -m 4755
scponlyc /usr/local/sbin/scponlyc;
fi
Updating /etc/shells
To setup chroot cage, run following command:
cd /usr/local/share/examples/scponly/ && /bin/sh setup_chroot.sh
===> Compressing manual pages for scponly-4.6_3
===> Registering installation for scponly-4.6_3
===> SECURITY REPORT:
This port has installed the following binaries which execute with
increased privileges.
/usr/local/sbin/scponlyc
If there are vulnerabilities in these programs there may be a security
risk to the system. FreeBSD makes no guarantee about the security of
ports included in the Ports Collection. Please type 'make deinstall'
to deinstall the port if this is a concern.
For more information, and contact details about the security
status of this software, see the following webpage:
http://www.sublimation.org/scponly/
# ./setup_chroot.sh Next we need to set the home directory for this scponly user. please note that the user's home directory MUST NOT be writeable by the scponly user. this is important so that the scponly user cannot subvert the .ssh configuration parameters. for this reason, a writeable subdirectory will be created that the scponly user can write into. -en Username to install [scponly] scptest -en home directory you wish to set for this user [/home/scptest] -en name of the writeable subdirectory [incoming] creating /home/scptest/incoming directory for uploading files Your platform (FreeBSD) does not have a platform specific setup script. This install script will attempt a best guess. If you perform customizations, please consider sending me your changes. Look to the templates in build_extras/arch. - joe at sublimation dot org please set the password for scptest: Changing local password for scptest New Password: Retype New Password: if you experience a warning with winscp regarding groups, please install the provided hacked out fake groups program into your chroot, like so: cp groups /home/scptest/bin/groups
セッションは予期せずに閉じられました サーバはコマンドの戻り値 1 を出力しました
# cp /usr/bin/groups /usr/home/scptest/bin/
http://subtech.g.hatena.ne.jp/otsune/20070529/scponlycupdate
scponly-options.png