Current Lucid rsync client:
david@ubuntu:~$ rsync --version
rsync version 3.0.7 protocol version 30
I'm not 100% clear on the exact implications of doing this, but it appears that forcing the rsync client to downgrade to the older version 29 rsync protocol does enable scponly-full chrooted rsync.
Verbose client output:
david@ubuntu:~$ rsync -r --protocol=29 dir1 scponly-patched@localhost:/incoming
scponly-patched@localhost's password:
scponly[1596]: chrooted binary in place, will chroot()
scponly[1596]: 3 arguments in total.
scponly[1596]: arg 0 is scponlyc
scponly[1596]: arg 1 is -c
scponly[1596]: arg 2 is rsync --server -r . /incoming
scponly[1596]: opened log at LOG_AUTHPRIV, opts 0x00000029
scponly[1596]: determined USER is "scponly-patched" from environment
scponly[1596]: retrieved home directory of "/home/scponly-patched" for user "scponly-patched"
scponly[1596]: chrooting to dir: "/home/scponly-patched"
scponly[1596]: chdiring to dir: "/"
scponly[1596]: setting uid to 1002
scponly[1596]: processing request: "rsync --server -r . /incoming"
scponly[1596]: Using getopt processing for cmd /usr/bin/rsync
(username: scponly-patched(1002), IP/port: ::1 38334 22)
scponly[1596]: getopt processing returned '?' (username: scponly-patched(1002), IP/port: ::1 38334 22)
scponly[1596]: getopt processing returned '?' (username: scponly-patched(1002), IP/port: ::1 38334 22)
scponly[1596]: Found "HOME" and setting it to "/home/scponly-patched"
scponly[1596]: Environment contains "HOME=/home/scponly-patched"
scponly[1596]: Looking for 'HOME=' in 'HOME=/home/scponly-patched'
scponly[1596]: 'HOME' env entry now reads 'HOME=/home/scponly-patched'
scponly[1596]: set non-chrooted HOME environment variable to /home/scponly-patched (username: scponly-patched(1002), IP/port: ::1 38334 22)
scponly[1596]: running: /usr/bin/rsync --server -r . /incoming (username: scponly-patched(1002), IP/port: ::1 38334 22)
scponly[1596]: about to exec "/usr/bin/rsync" (username: scponly-patched(1002), IP/port: ::1 38334 22)
Verbose server auth.log output:
Nov 2 09:32:58 ubuntu sshd[1580]: Accepted password for scponly-patched from ::1 port 38334 ssh2
Nov 2 09:32:58 ubuntu sshd[1580]: pam_unix(sshd:session): session opened for user scponly-patched by (uid=0)
Nov 2 09:32:58 ubuntu scponly[1596]: chrooted binary in place, will chroot()
Nov 2 09:32:58 ubuntu scponly[1596]: 3 arguments in total.
Nov 2 09:32:58 ubuntu scponly[1596]: #011arg 0 is scponlyc
Nov 2 09:32:58 ubuntu scponly[1596]: #011arg 1 is -c
Nov 2 09:32:58 ubuntu scponly[1596]: #011arg 2 is rsync --server -r . /incoming
Nov 2 09:32:58 ubuntu scponly[1596]: opened log at LOG_AUTHPRIV, opts 0x00000029
Nov 2 09:32:58 ubuntu scponly[1596]: determined USER is "scponly-patched" from environment
Nov 2 09:32:58 ubuntu scponly[1596]: retrieved home directory of "/home/scponly-patched" for user "scponly-patched"
Nov 2 09:32:58 ubuntu scponly[1596]: chrooting to dir: "/home/scponly-patched"
Nov 2 09:32:58 ubuntu scponly[1596]: chdiring to dir: "/"
Nov 2 09:32:58 ubuntu scponly[1596]: setting uid to 1002
Nov 2 09:32:58 ubuntu scponly[1596]: processing request: "rsync --server -r . /incoming"
Nov 2 09:32:58 ubuntu scponly[1596]: Using getopt processing for cmd /usr/bin/rsync#012 (username: scponly-patched(1002), IP/port: ::1 38334 22)
Nov 2 09:32:58 ubuntu scponly[1596]: getopt processing returned '?' (username: scponly-patched(1002), IP/port: ::1 38334 22)
Nov 2 09:32:58 ubuntu scponly[1596]: getopt processing returned '?' (username: scponly-patched(1002), IP/port: ::1 38334 22)
Nov 2 09:32:58 ubuntu scponly[1596]: Found "HOME" and setting it to "/home/scponly-patched"
Nov 2 09:32:58 ubuntu scponly[1596]: Environment contains "HOME=/home/scponly-patched"
Nov 2 09:32:58 ubuntu scponly[1596]: Looking for 'HOME=' in 'HOME=/home/scponly-patched'
Nov 2 09:32:58 ubuntu scponly[1596]: 'HOME' env entry now reads 'HOME=/home/scponly-patched'
Nov 2 09:32:58 ubuntu scponly[1596]: set non-chrooted HOME environment variable to /home/scponly-patched (username: scponly-patched(1002), IP/port: ::1 38334 22)
Nov 2 09:32:58 ubuntu scponly[1596]: running: /usr/bin/rsync --server -r . /incoming (username: scponly-patched(1002), IP/port: ::1 38334 22)
Nov 2 09:32:58 ubuntu scponly[1596]: about to exec "/usr/bin/rsync" (username: scponly-patched(1002), IP/port: ::1 38334 22)
Nov 2 09:32:58 ubuntu sshd[1595]: Received disconnect from ::1: 11: disconnected by user
Nov 2 09:32:58 ubuntu sshd[1580]: pam_unix(sshd:session): session closed for user scponly-patched
This may be a potential workaround.
The last release of an rsync with version 29 protocol was 4 years ago:
http://rsync.samba.org/ftp/rsync/src/rsync-2.6.9-NEWS
And version 30 was introduced here:
http://rsync.samba.org/ftp/rsync/src/rsync-3.0.0-NEWS
There may be some features added or bugs addressed since version 29 that may make this impractical.
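For auditing sessions like the one logged above, the following added example (not part of the original comment, and not scponly or rsync code) groups scponly auth.log lines by PID and pulls out the chroot directory, uid, requested command, exec'd binary, client address and the number of getopt '?' returns. The sample lines are copied from the auth.log excerpt above; the function names and the summary layout are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Subset of the auth.log lines shown in the comment above.
SAMPLE = """\
Nov 2 09:32:58 ubuntu sshd[1580]: Accepted password for scponly-patched from ::1 port 38334 ssh2
Nov 2 09:32:58 ubuntu scponly[1596]: #011arg 2 is rsync --server -r . /incoming
Nov 2 09:32:58 ubuntu scponly[1596]: chrooting to dir: "/home/scponly-patched"
Nov 2 09:32:58 ubuntu scponly[1596]: setting uid to 1002
Nov 2 09:32:58 ubuntu scponly[1596]: processing request: "rsync --server -r . /incoming"
Nov 2 09:32:58 ubuntu scponly[1596]: Using getopt processing for cmd /usr/bin/rsync#012 (username: scponly-patched(1002), IP/port: ::1 38334 22)
Nov 2 09:32:58 ubuntu scponly[1596]: getopt processing returned '?' (username: scponly-patched(1002), IP/port: ::1 38334 22)
Nov 2 09:32:58 ubuntu scponly[1596]: getopt processing returned '?' (username: scponly-patched(1002), IP/port: ::1 38334 22)
Nov 2 09:32:58 ubuntu scponly[1596]: about to exec "/usr/bin/rsync" (username: scponly-patched(1002), IP/port: ::1 38334 22)
"""

# Only scponly lines are parsed; sshd and PAM lines are skipped.
LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ scponly\[(\d+)\]: (.*)$")
OCTAL = re.compile(r"#([0-7]{3})")
# Anchored at message start where possible: the request text is client-controlled.
RULES = [
    ("chroot", re.compile(r'^chrooting to dir: "(.*)"$')),
    ("uid", re.compile(r"^setting uid to (\d+)$")),
    ("request", re.compile(r'^processing request: "(.*)"$')),
    ("exec", re.compile(r'^about to exec "([^"]*)"')),
    ("client", re.compile(r"IP/port: (\S+) \d+ \d+\)$")),
]

def unescape(msg):
    """Undo syslog's #ooo octal escaping of control characters (#011 tab, #012 LF)."""
    return OCTAL.sub(lambda m: chr(int(m.group(1), 8)), msg)

def summarise(text):
    """Return {pid: summary} for every scponly session found in the log text."""
    sessions = defaultdict(lambda: {"getopt_unknown": 0})
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        # Collapse the embedded tab/newline so each message is one clean line.
        pid, msg = int(m.group(1)), " ".join(unescape(m.group(2)).split())
        s = sessions[pid]
        if msg.startswith("getopt processing returned '?'"):
            s["getopt_unknown"] += 1
        for key, rx in RULES:
            hit = rx.search(msg)
            if hit:
                s[key] = hit.group(1)
    return dict(sessions)
```
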