What do you do when a friend wants to send you some special digital xmas present? Setup a ftp server or use your existing ssh infrastructure to create a secure connection between both? I decided to do the latter one because last time I did it was only an emerge scponly which created everything for me.
I should have taken a look at the bug count of the debian package [1] before deciding such thing, but none the less it is possible to run it under debian lenny amd64.
The first thing I've noticed is that nothing will be initialised by default and the setup script is compressed in share/docs. So the first thing which must be done is to become root, copy the whole directory inside your home directory and run the initialisation script.
cp -r /usr/share/doc/scponly/setup_chroot/ .
cd setup_chroot
gunzip setup_chroot.sh.gz
sh setup_chroot.sh
I've used the default values but this creates an unusable chroot. The first thing we should do is to set the suid bit of /usr/sbin/scponlyc with chmod +s /usr/sbin/scponlyc so it can use the chroot() syscall.
sftp-server will still not work because /dev/null is missing and the amd64 ld-loader for /usr/lib/sftp-server wasn't copied to the chroot.
mkdir /home/scponly/dev
mknod --mode=0666 /home/scponly/dev/null c 1 3
cp /lib/ld-linux-x86-64.so.2 /home/scponly/lib/
ln -s lib /home/scponly/lib64
I hope that it works now... otherwise it can help a lot to change
/etc/scponly/debuglevel to 1 and connect with sftp -v scponly@localhost
for more debug output.
- [1] https://bugs.debian.org/scponly