RE: [proxy-suite] Chroot feature on proxy-suite
Thanks for your help. Everything seems working. Ryan Jiang Liz Claiborne, Inc. -----Original Message----- From: Marius Tomaschewski [mailto:mt@suse.de] Sent: Tuesday, July 23, 2002 2:14 PM To: proxy-suite@suse.com Subject: Re: [proxy-suite] Chroot feature on proxy-suite On Mon, Jul 22, 2002 at 03:41:57PM -0400, Ruiyuan Jiang wrote:
Thanks. It seems that I can start ftp-proxy daemon as standalone. When I tried to access outside ftp server, i.e. ftp.sun.com, I got a messages:
# ftp ftp-proxy.liz.com Connected to ftp-proxy.liz.com 220 ftp-proxy FTP server (Version 1.9 - 2002/05/02 15:14:55) ready. Name (ftp-proxy:ryan): anonymous@ftp.sun.com 501 Invalid destination in user name. Login failed. ftp>quit
I commented out "chroot" statement in the configuration file so the ftp proxy server runs as normal. I did the same thing to acess ftp.sun.com. and I can access the ftp server without problem. It seemed to me that ftp proxy server can't run chroot mode at least for client side. Is this true? Thanks in advance.
No, you need more libraries in the chroot, at _least_ the libs
you can see using ldd - for example:
# ldd ftp-proxy
libldap.so.4 => /usr/lib/libldap.so.4
libresolv.so.2 => /usr/lib/libresolv.so.2
libnsl.so.1 => /usr/lib/libnsl.so.1
libsocket.so.1 => /usr/lib/libsocket.so.1
libc.so.1 => /usr/lib/libc.so.1
libdl.so.1 => /usr/lib/libdl.so.1
libmp.so.2 => /usr/lib/libmp.so.2
In the case you get "Invalid destination" (like above)
the proxy is not able to resolve the hostname. Try out
using IP-Number - this may work, i.e.:
ftp ftp-proxy.liz.com
Name (ftp-proxy:ryan): anonymous@217.9.113.66
Solaris is using /etc/nsswitch.conf - you need the corresponding
libraries, i.e. if you are using following /etc/nsswitch.conf:
#
# /etc/nsswitch.dns:
#
passwd: files
group: files
hosts: files dns
you need the libraries /usr/lib/nss_files* /usr/lib/nss_dns*.
Further you need the /etc/nsswitch.conf, /etc/hosts (or
/etc/inet/hosts), /etc/host.conf(?), /etc/resolv.conf,
/etc/services and /etc/protocols in the chroot as well.
Kind regards,
Marius Tomaschewski
participants (1)
-
Ruiyuan Jiang