From owner-FreeBSD-users-jp@jp.FreeBSD.org Thu Jan  5 10:26:32 2006
Received: (from daemon@localhost)
	by castle.jp.FreeBSD.org (8.11.6p2+3.4W/8.11.3) id k051QWA07912;
	Thu, 5 Jan 2006 10:26:32 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from mail.fmp.to (mail.fmp.to [2001:268:304:a510::14])
	by castle.jp.FreeBSD.org (8.11.6p2+3.4W/8.11.3) with ESMTP/inet6 id k051QU907905
	for <FreeBSD-users-jp@jp.FreeBSD.org>; Thu, 5 Jan 2006 10:26:30 +0900 (JST)
	(envelope-from paseri@fmp.to)
Received: from 1034-takefu (bit-drive.ae-osaka.co.jp [218.42.150.73])
	by mail.fmp.to (Postfix) with ESMTP id D2B8ADDC6C
	for <FreeBSD-users-jp@jp.FreeBSD.org>; Thu,  5 Jan 2006 10:26:28 +0900 (JST)
From: paseri <paseri@fmp.to>
To: <FreeBSD-users-jp@jp.FreeBSD.org>
Organization: FM-PASERI-NET
X-Mailer: Datula version 1.51.09 for Windows
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-2022-JP
Message-Id: <20060105012628.D2B8ADDC6C@mail.fmp.to>
Reply-To: FreeBSD-users-jp@jp.FreeBSD.org
Precedence: list
Date: Thu, 05 Jan 2006 10:26:27 +0900
X-Sequence: FreeBSD-users-jp 89019
Subject: [FreeBSD-users-jp 89019] shells/rssh
 =?ISO-2022-JP?B?GyRCJEcbKEI=?= chroot
 =?ISO-2022-JP?B?GyRCJE5AX0RqO34kSxsoQg==?= wordexp()
 bad syntax =?ISO-2022-JP?B?GyRCJCw9UCRrGyhC?= 
Sender: owner-FreeBSD-users-jp@jp.FreeBSD.org
X-Originator: paseri@fmp.to
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+051217

$B$?$1$U!wBg:eK-Cf$G$9!#(B

$B8=:_(B 5.4-RELEASE -> 6.0-RELEASE $B$K(B make world $B$7$?4D6-2<$G!"(B
ports $B$+$i(B rssh $B$r(B make install $B$7$F@_Dj$r9T$C$F$$$^$9!#(B

chroot $B$r<B8=$7$h$&$H!"(B/usr/local/etc/rssh.conf $B$N(B chrootpath $B$rL5;XDj$+$i(B /web $B$KJQ99$7$?=j!"(B
$B0J2<$NMM$J(B log $B$,=P$F>e<j$/(B chroot $B4D6-$,:n$l$^$;$s!#(B
$B$?$@$7!"(Bchroot $B$r;XDj$7$J$1$l$P!"(Brssh $B$OF0:n$7$F$/$l$F$$$^$9!#(B
chroot $B$r<B8=$9$k0Y$K!"$I$NJU$j$rD4::$9$l$PNI$$$G$7$g$&$+!)(B

$B3:Ev2U=j$N%m%0(B
>Jan  4 18:25:38 web sshd[33970]: Accepted keyboard-interactive/pam for hogehoge from * port 1138 ssh2
>Jan  4 18:25:38 web sshd[33973]: subsystem request for sftp
>Jan  4 18:25:38 web rssh[33974]: setting log facility to LOG_USER
>Jan  4 18:25:38 web rssh[33974]: allowing scp to all users
>Jan  4 18:25:38 web rssh[33974]: allowing sftp to all users
>Jan  4 18:25:38 web rssh[33974]: setting umask to 022
>Jan  4 18:25:38 web rssh[33974]: allowing scp to all users
>Jan  4 18:25:38 web rssh[33974]: allowing sftp to all users
>Jan  4 18:25:38 web rssh[33974]: chrooting all to /web
>Jan  4 18:25:38 web rssh[33974]: chroot cmd line: /usr/local/libexec/rssh_chroot_helper "/web" 2 "/" /usr/libexec/sftp-server
>Jan  4 18:25:38 web rssh_chroot_helper[33974]: new session for hogehoge, UID=5001
>Jan  4 18:25:38 web rssh_chroot_helper[33974]: wordexp() bad syntax
>Jan  4 18:25:38 web kernel: Jan  4 18:25:38 web rssh_chroot_helper[33974]: wordexp() bad syntax

/usr/local/etc/rssh.conf
>logfacility = LOG_USER
>allowscp
>allowsftp
>umask = 022
>chrootpath = "/web"

chroot $B@h$N4D6-:n@=$N0Y$K=q$$$?%9%/%j%W%H(B
>#/bin/sh
>mkdir /web
>mkdir /web/etc
>mkdir /web/lib
>mkdir /web/usr
>mkdir /web/usr/lib
>mkdir /web/usr/libexec
>mkdir /web/usr/local/bin
>mkdir /web/usr/local/libexec
>
>cp -p /lib/libcrypt.so.3 /web/lib/
>cp -p /lib/libcrypto.so.4 /web/lib/
>cp -p /lib/libz.so.3 /web/lib/
>cp -p /lib/libc.so.6 /web/lib/
>cp -p /lib/libmd.so.3 /web/lib/
>cp -p /usr/lib/libssh.so.3 /web/usr/lib/
>cp -p /usr/lib/libgssapi.so.8 /web/usr/lib/
>cp -p /usr/lib/libkrb5.so.8 /web/usr/lib/
>cp -p /usr/lib/libasn1.so.8 /web/usr/lib/
>cp -p /usr/lib/libcom_err.so.3 /web/usr/lib/
>cp -p /usr/lib/libroken.so.8 /web/usr/lib/
>
>cp -p /usr/bin/scp /web/usr/bin/
>cp -p /usr/libexec/sftp-server /web/usr/libexec/
>cp -p /usr/local/bin/rssh /web/usr/local/bin/
>cp -p /usr/local/libexec/rssh_chroot_helper /web/usr/local/libexec/
>
>cp -p /etc/master.passwd /web/etc/
>cp -p /etc/passwd /web/etc/
>cp -p /etc/localtime /web/etc/
>cp -p /etc/wall_cmos_clock /web/etc/
>
>pwd_mkdb -d /web/etc /web/etc/master.passwd
>
>exit

$B$=$l$G$O!#(B

-- 
paseri @ fmp.to

