From owner-FreeBSD-users-jp@jp.FreeBSD.org Fri Jan  6 12:49:59 2006
Received: (from daemon@localhost)
	by castle.jp.FreeBSD.org (8.11.6p2+3.4W/8.11.3) id k063nxX79114;
	Fri, 6 Jan 2006 12:49:59 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from mail.fmp.to (mail.fmp.to [2001:268:304:a510::14])
	by castle.jp.FreeBSD.org (8.11.6p2+3.4W/8.11.3) with ESMTP/inet6 id k063nv979109
	for <FreeBSD-users-jp@jp.FreeBSD.org>; Fri, 6 Jan 2006 12:49:57 +0900 (JST)
	(envelope-from paseri@fmp.to)
Received: from 1034-takefu (bit-drive.ae-osaka.co.jp [218.42.150.73])
	by mail.fmp.to (Postfix) with ESMTP id 7CCBBDDC71
	for <FreeBSD-users-jp@jp.FreeBSD.org>; Fri,  6 Jan 2006 12:49:49 +0900 (JST)
From: paseri <paseri@fmp.to>
To: FreeBSD-users-jp@jp.FreeBSD.org
Organization: FM-PASERI-NET
In-Reply-To: <20060105.181605.71172107.masahiro.higuchi@fujixerox.co.jp>
References: <20060105012628.D2B8ADDC6C@mail.fmp.to>
	<20060105.181605.71172107.masahiro.higuchi@fujixerox.co.jp>
X-Mailer: Datula version 1.51.09 for Windows
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-2022-JP
Message-Id: <20060106034949.7CCBBDDC71@mail.fmp.to>
Reply-To: FreeBSD-users-jp@jp.FreeBSD.org
Precedence: list
Date: Fri, 06 Jan 2006 12:49:47 +0900
X-Sequence: FreeBSD-users-jp 89036
Subject: [FreeBSD-users-jp 89036] Re: shells/rssh
 =?ISO-2022-JP?B?GyRCJEcbKEI=?= chroot
 =?ISO-2022-JP?B?GyRCJE5AX0RqO34kSxsoQg==?= wordexp()
 bad syntax =?ISO-2022-JP?B?GyRCJCw9UCRrGyhC?= 
Sender: owner-FreeBSD-users-jp@jp.FreeBSD.org
X-Originator: paseri@fmp.to
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+051217

$B$?$1$U!wBg:eK-Cf$G$9!#(B
Higuchi Masahiro$B$5$s$N(B<20060105.181605.71172107.masahiro.higuchi@fujixerox.co.jp>$B$+$i(B

>>chrootpath = "/web"
>$B$3$l$NCf?H$,B-$j$J$$$H;W$&$N$G$9$,(B...
$B$4;XE&M-Fq$&$4$6$$$^$9!#(B

Yoshihiko Sarumaru$B$5$s$N(B<060106005303.M0101320@shimako.imasy.or.jp>$B$+$i(B
>  wordexp() $B$O$=$N<B9T$K(B sh $B$r;HMQ$7$^$9$+$i!"$3$NCf$K(B /bin/sh
>($B$H$=$l$,0MB8$9$k%i%$%V%i%j(B)$B$,4^$^$l$F$$$J$$$H<:GT$7$^$9!D!#(B
$B$3$NH/8@$G5$$,IU$$$?J,$r!"%3%T!<$7$F$_$?$N$G$9$,!"%(%i!<%a%C%;!<%8$,=P$J$/$J$C$?$b$N$N!"(B
$B0MA3!"(Bsftp $B$^$G?d0\$7$F$$$J$$$h$&$G$9!#(B

$B$^$@!"B-$j$J$$%U%!%$%k$,M-$kLd$&;v$G$7$g$&$+!)(B

$B3:Ev2U=j$N%m%0(B
>Jan  6 12:40:13 web sshd[75208]: Accepted keyboard-interactive/pam for web from * port 1076 ssh2
>Jan  6 12:40:13 web sshd[75211]: subsystem request for sftp
>Jan  6 12:40:13 web rssh[75212]: setting log facility to LOG_USER
>Jan  6 12:40:13 web rssh[75212]: allowing scp to all users
>Jan  6 12:40:13 web rssh[75212]: allowing sftp to all users
>Jan  6 12:40:13 web rssh[75212]: setting umask to 022
>Jan  6 12:40:13 web rssh[75212]: chrooting all users to /web
>Jan  6 12:40:13 web rssh[75212]: chroot cmd line: /usr/local/libexec/rssh_chroot_helper "/web" 2 "/" /usr/libexec/sftp-server

chroot $B@h$N4D6-:n@=$N0Y$K=q$$$?%9%/%j%W%H(B
>#/bin/sh
>
>OUT=/web
>
>mkdir $OUT
>mkdir $OUT/bin
>mkdir $OUT/etc
>mkdir $OUT/lib
>mkdir $OUT/libexec
>mkdir $OUT/usr
>mkdir $OUT/usr/bin
>mkdir $OUT/usr/lib
>mkdir $OUT/usr/libexec
>mkdir $OUT/usr/local
>mkdir $OUT/usr/local/bin
>mkdir $OUT/usr/local/libexec
>
>cp -p /lib/libcrypt.so.3 $OUT/lib/
>cp -p /lib/libcrypto.so.4 $OUT/lib/
>cp -p /lib/libz.so.3 $OUT/lib/
>cp -p /lib/libc.so.6 $OUT/lib/
>cp -p /lib/libmd.so.3 $OUT/lib/
>cp -p /lib/libedit.so.5 $OUT/lib/
>cp -p /lib/libncurses.so.6 $OUT/lib/
>cp -p /lib/libutil.so.5 $OUT/lib/
>cp -p /libexec/ld-elf.so.1 $OUT/libexec/
>cp -p /usr/lib/libssh.so.3 $OUT/usr/lib/
>cp -p /usr/lib/libgssapi.so.8 $OUT/usr/lib/
>cp -p /usr/lib/libkrb5.so.8 $OUT/usr/lib/
>cp -p /usr/lib/libasn1.so.8 $OUT/usr/lib/
>cp -p /usr/lib/libcom_err.so.3 $OUT/usr/lib/
>cp -p /usr/lib/libroken.so.8 $OUT/usr/lib/
>
>cp -p /usr/bin/scp $OUT/usr/bin/
>cp -p /usr/libexec/sftp-server $OUT/usr/libexec/
>cp -p /usr/local/bin/rssh $OUT/usr/local/bin/
>cp -p /usr/local/libexec/rssh_chroot_helper $OUT/usr/local/libexec/
>
>cp -p /etc/master.passwd $OUT/etc/
>cp -p /etc/passwd $OUT/etc/
>cp -p /etc/localtime $OUT/etc/
>cp -p /etc/wall_cmos_clock $OUT/etc/
>
>cp -p /bin/sh $OUT/bin/
>cp -p /bin/ls $OUT/bin/
>
>pwd_mkdb -d $OUT/etc $OUT/etc/master.passwd
>
>exit

$B$=$l$G$O!#(B

-- 
paseri @ fmp.to

