Bug 171987 - Review Request: scponly
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Aurelien Bompard
QA Contact: David Lawrence
URL: http://togami.com/~warren/fedora/scpo...
Blocks: FE-ACCEPT
Reported: 2005-10-28 19:32 UTC by Warren Togami
Modified: 2010-03-22 01:05 UTC (History)
Doc Type: Bug Fix
Last Closed: 2005-11-03 16:10:38 UTC

Description Warren Togami 2005-10-28 19:32:57 UTC
SRPM: http://togami.com/~warren/fedora/scponly-4.1-1.src.rpm
SPEC: http://togami.com/~warren/fedora/scponly.spec
Description: 
Replacement shell that allows you to give users file transfer access (like scp or sftp) but not the ability to run arbitrary commands.

Comment 1 Aurelien Bompard 2005-10-28 22:12:45 UTC
Needs work:
* BuildRoot should be %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
(wiki: PackagingGuidelines#BuildRoot)
* Missing BR: openssh-clients (./configure checks for them)
* Doc files are chmod +x
* System Environments/Shell not a registered group, use Applications/Internet
(as openssh itself)


Comment 3 Aurelien Bompard 2005-10-30 23:09:53 UTC
The doc files are still executable. They already are in the tarball, and the
fourth argument of %defattr is for directories. You can use
%defattr(644,root,root) instead.

Comment 5 Aurelien Bompard 2005-10-31 07:16:48 UTC
The SRPM gives a 404

Comment 6 Warren Togami 2005-10-31 15:25:04 UTC
Oops, it is actually uploaded now.

Comment 7 Aurelien Bompard 2005-10-31 15:44:39 UTC
Bad news : now /usr/share/doc/scponly-4.1 is 0644....

Comment 8 Warren Togami 2005-10-31 18:36:28 UTC
SRPM: http://togami.com/~warren/fedora/scponly-4.1-4.src.rpm
SPEC: http://togami.com/~warren/fedora/scponly.spec

%defattr(0644, root, root, 0755)
This should do it...
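
An added example, not part of the original comments or of the scponly package: a check for the two permission findings raised in this review, executable doc files (comment 1) and a doc directory left at 0644 (comment 7). The function name `audit_doc_perms` and the path argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a staged doc tree (for instance the package's doc
# directory under the build root) for the permission problems discussed above.
# audit_doc_perms is a hypothetical helper, not part of rpm or scponly.

# Prints one line per problem. Returns 0 if the tree is clean, 1 otherwise.
audit_doc_perms() {
    root=$1
    status=0

    # Doc files should carry no execute bit for user, group or other.
    exec_files=$(find "$root" -type f \
        \( -perm -100 -o -perm -010 -o -perm -001 \) 2>/dev/null || true)
    if [ -n "$exec_files" ]; then
        printf '%s\n' "$exec_files" | sed 's/^/executable doc file: /'
        status=1
    fi

    # Directories need r-x for everyone (at least 0555) to be usable.
    # The three-argument %defattr(644,root,root) left the doc directory
    # at 0644, which is the state reported in comment 7.
    bad_dirs=$(find "$root" -type d ! -perm -555 2>/dev/null || true)
    if [ -n "$bad_dirs" ]; then
        printf '%s\n' "$bad_dirs" | sed 's/^/directory not traversable: /'
        status=1
    fi

    return "$status"
}

# Run against a directory when one is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_doc_perms "$1"
fi
```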


Comment 9 Paul Wouters 2005-10-31 20:30:35 UTC
If I read the install instructions, I'm left confused. First of all, I believe
the default mode for any distribution should be using --enable-chroot-binary.
This *should* create an "scponlyc" binary according to the readme, but it doesn't.

There is also a mention in the installation documentation about a "scponlyrc"
file location, yet what options I can put in there is not mentioned anywhere.

Also, I believe some contrib tools to set up a chroot jail for a user with the
chroot()ed version of scponly (scponlyc) are missing.

Comment 10 Warren Togami 2005-10-31 20:45:17 UTC
It is not easy to create a chroot jail and (the more difficult part) to keep it
updated.  scponly without the chroot itself is pretty useful so I want to push
this into Extras now.  If you can think of a good solution to creating and
updating chroots, please propose solutions on fedora-extras-list and we can fold
it into a future package if accepted.

Comment 11 Aurelien Bompard 2005-10-31 23:14:11 UTC
* License seems to be BSD, not GPL
* The man page should be patched because it refers to /usr/local/bin/scponly
(and scponlyc, but if you add that later it's ok)

Comment 12 Warren Togami 2005-11-01 18:57:18 UTC
SRPM: http://togami.com/~warren/fedora/scponly-4.1-5.src.rpm
SPEC: http://togami.com/~warren/fedora/scponly.spec

s/GPL/BSD/
Fixed path to scponly binary in both man pages and other installed docs.
Will not attempt chrooted scponly yet.

Comment 13 Aurelien Bompard 2005-11-02 08:49:09 UTC
Review for release 5:
* RPM name is OK
* Source scponly-4.1.tgz is the same as upstream
* This is the latest version
* Builds fine in mock
* rpmlint of scponly looks OK
* File list of scponly looks OK
* Works fine

Just replace /usr with %{_prefix} in the sed substitution in the spec file and
you're approved.

Comment 14 Kevin Fenzi 2010-03-22 01:05:19 UTC
*** Bug 575502 has been marked as a duplicate of this bug. ***
