Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at
Bug 171987 - Review Request: scponly
Summary: Review Request: scponly
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Aurelien Bompard
QA Contact: David Lawrence
: scponly (view as bug list)
Depends On:
TreeView+ depends on / blocked
Reported: 2005-10-28 19:32 UTC by Warren Togami
Modified: 2010-03-22 01:05 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2005-11-03 16:10:38 UTC
Type: ---

Attachments (Terms of Use)

Description Warren Togami 2005-10-28 19:32:57 UTC
Replacement shell that allows you to give users file transfer access (like scp or sftp) but not the ability to run arbitrary commands.

Comment 1 Aurelien Bompard 2005-10-28 22:12:45 UTC
Needs work:
* BuildRoot should be %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u}
-n) (wiki: PackagingGuidelines#BuildRoot)
* Missing BR: openssh-clients (./configure checks for them)
* Doc files are chmod +x
* System Environments/Shell not a registered group, use Applications/Internet
(as openssh itself)

Comment 3 Aurelien Bompard 2005-10-30 23:09:53 UTC
The doc files are still executable. They already are in the tarball, and the
fourth argument of %defattr is for directories. You can use
%defattr(644,root,root) instead.

Comment 5 Aurelien Bompard 2005-10-31 07:16:48 UTC
The SRPM gives a 404

Comment 6 Warren Togami 2005-10-31 15:25:04 UTC
Oops, it is actually uploaded now.

Comment 7 Aurelien Bompard 2005-10-31 15:44:39 UTC
Bad news : now /usr/share/doc/scponly-4.1 is 0644....

Comment 8 Warren Togami 2005-10-31 18:36:28 UTC

%defattr(0644, root, root, 0755)
This should do it...

Comment 9 Paul Wouters 2005-10-31 20:30:35 UTC
If I read the instructions installs, I'm left confused. First of all, I believe
the default mode for any distribution should be using --enable-chroot-binary.
This *should* create an "scponlyc" binary according to the readme, but it doesn't.

There is also a mention in the installation documentation about a "scponlyrc"
file location, yet what options I can put in there is not mentioned anywhere.

Also, I believe some contrib tools to setup a chroot jail for a user with the
chroot()ed version of scponly (scponlyc) is missing.

Comment 10 Warren Togami 2005-10-31 20:45:17 UTC
It is not easy to create a chroot jail and (the more difficult part) to keep it
updated.  scponly without the chroot itself is pretty useful so I want to push
this into Extras now.  If you can think of a good solution to creating and
updating chroots, please propose solutions on fedora-extras-list and we can fold
it into a future package if accepted.

Comment 11 Aurelien Bompard 2005-10-31 23:14:11 UTC
* License seems to be BSD, not GPL
* The man page should be patched because it refers to /usr/local/bin/scponly
(and scponlyc, but if you add that later it's ok)

Comment 12 Warren Togami 2005-11-01 18:57:18 UTC

Fixed path to scponly binary in both man pages and other installed docs.
Will not attempt chrooted scponly yet.

Comment 13 Aurelien Bompard 2005-11-02 08:49:09 UTC
Review for release 5:
* RPM name is OK
* Source scponly-4.1.tgz is the same as upstream
* This is the latest version
* Builds fine in mock
* rpmlint of scponly looks OK
* File list of scponly looks OK
* Works fine

Just replace /usr with %{_prefix} in the sed substitution in the spec file and
you're approved.

Comment 14 Kevin Fenzi 2010-03-22 01:05:19 UTC
*** Bug 575502 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.