Bug 171987 - Review Request: scponly
Review Request: scponly
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Aurelien Bompard
David Lawrence
: scponly (view as bug list)
Depends On:
  Show dependency treegraph
Reported: 2005-10-28 15:32 EDT by Warren Togami
Modified: 2010-03-21 21:05 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-11-03 11:10:38 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Warren Togami 2005-10-28 15:32:57 EDT
SRPM: http://togami.com/~warren/fedora/scponly-4.1-1.src.rpm
SPEC: http://togami.com/~warren/fedora/scponly.spec
Replacement shell that allows you to give users file transfer access (like scp or sftp) but not the ability to run arbitrary commands.
Comment 1 Aurelien Bompard 2005-10-28 18:12:45 EDT
Needs work:
* BuildRoot should be %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u}
-n) (wiki: PackagingGuidelines#BuildRoot)
* Missing BR: openssh-clients (./configure checks for them)
* Doc files are chmod +x
* System Environments/Shell not a registered group, use Applications/Internet
(as openssh itself)
Comment 3 Aurelien Bompard 2005-10-30 18:09:53 EST
The doc files are still executable. They already are in the tarball, and the
fourth argument of %defattr is for directories. You can use
%defattr(644,root,root) instead.
Comment 5 Aurelien Bompard 2005-10-31 02:16:48 EST
The SRPM gives a 404
Comment 6 Warren Togami 2005-10-31 10:25:04 EST
Oops, it is actually uploaded now.
Comment 7 Aurelien Bompard 2005-10-31 10:44:39 EST
Bad news : now /usr/share/doc/scponly-4.1 is 0644....
Comment 8 Warren Togami 2005-10-31 13:36:28 EST
SRPM: http://togami.com/~warren/fedora/scponly-4.1-4.src.rpm
SPEC: http://togami.com/~warren/fedora/scponly.spec

%defattr(0644, root, root, 0755)
This should do it...
Comment 9 Paul Wouters 2005-10-31 15:30:35 EST
If I read the instructions installs, I'm left confused. First of all, I believe
the default mode for any distribution should be using --enable-chroot-binary.
This *should* create an "scponlyc" binary according to the readme, but it doesn't.

There is also a mention in the installation documentation about a "scponlyrc"
file location, yet what options I can put in there is not mentioned anywhere.

Also, I believe some contrib tools to setup a chroot jail for a user with the
chroot()ed version of scponly (scponlyc) is missing.
Comment 10 Warren Togami 2005-10-31 15:45:17 EST
It is not easy to create a chroot jail and (the more difficult part) to keep it
updated.  scponly without the chroot itself is pretty useful so I want to push
this into Extras now.  If you can think of a good solution to creating and
updating chroots, please propose solutions on fedora-extras-list and we can fold
it into a future package if accepted.
Comment 11 Aurelien Bompard 2005-10-31 18:14:11 EST
* License seems to be BSD, not GPL
* The man page should be patched because it refers to /usr/local/bin/scponly
(and scponlyc, but if you add that later it's ok)
Comment 12 Warren Togami 2005-11-01 13:57:18 EST
SRPM: http://togami.com/~warren/fedora/scponly-4.1-5.src.rpm
SPEC: http://togami.com/~warren/fedora/scponly.spec

Fixed path to scponly binary in both man pages and other installed docs.
Will not attempt chrooted scponly yet.
Comment 13 Aurelien Bompard 2005-11-02 03:49:09 EST
Review for release 5:
* RPM name is OK
* Source scponly-4.1.tgz is the same as upstream
* This is the latest version
* Builds fine in mock
* rpmlint of scponly looks OK
* File list of scponly looks OK
* Works fine

Just replace /usr with %{_prefix} in the sed substitution in the spec file and
you're approved.
Comment 14 Kevin Fenzi 2010-03-21 21:05:19 EDT
*** Bug 575502 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.