
SFTP user chroot shell path update & ls addition #2863 #2865


phillxnet
Member

@phillxnet phillxnet commented Jul 8, 2024

Correct currently ineffectual BASH path in SFTP chroot setup. Default sshd user specific config: via SFTP Share export, enforces ForceCommand internal-sftp, however future enhancements (or current by-hand "ForceCommand ..." removal) results in a chroot failure for SFTP enabled users accessing via SSH.

Fixes #2863


Follow-up enhancements to chroot changes last made in 5.0.11-0.

Correct currently ineffectual BASH path in SFTP chroot setup.
Default sshd user specific config: via SFTP Share export,
enforces `ForceCommand internal-sftp`, however future
enhancements (or current by-hand "ForceCommand ..." removal)
results in a chroot failure for SFTP enabled users accessing
via SSH.
@phillxnet
Member Author

Testing

These changes are intended to fix the shell (bash) path, and the unavailable ls in the chroot we set up (but don't enable) for all users (Share owners) of SFTP exports. As such we first ensure that our existing SFTP function (of 5.0.11-0) is unchanged:
(test setup as per #2863 (comment))

SFTP

sftp sftp://sftp-user@rleap15-6.lan
Password: 
Connected to rleap15-6.lan.
sftp> ls -la
drwxr-xr-x    1 0        0              42 Jul  8 17:48 .
drwxr-xr-x    1 0        0              42 Jul  8 17:48 ..
drwxr-xr-x    1 0        0               0 Jun 28 17:01 lib
drwxr-xr-x    1 0        0             182 Jun 28 10:23 lib64
drwxr-xr-x    1 1006     0               0 Jul  8 16:05 sftp-share
drwxr-xr-x    1 0        0              16 Jun 28 10:23 usr
pwd
Remote working directory: /
...

SSH into chroot

Further we now prove our chroot instantiation, along with the newly enabled ls.
N.B. This capability is disabled by default via:

tfo.write("\tForceCommand internal-sftp\n")

and by default results in the following:

ssh sftp-user@rleap15-6.lan
Password: 
This service allows sftp connections only.
Connection to rleap15-6.lan closed.

The following is the result of

  1. Deleting the above ForceCommand line and rebooting (stop/start all rockstor* services).
  2. Deleting & recreating the relevant SFTP export (to re-instantiate the user specific ssh config).
    Representing a by-hand advance enablement of SSH access, or a future Web-UI enablement of the same.
ssh sftp-user@rleap15-6.lan
Password: 
Have a lot of fun...
Last login: ...
-bash-4.4$ ls -la
total 0
drwxr-xr-x 1    0 0  42 Jul  8 17:48 .
drwxr-xr-x 1    0 0  42 Jul  8 17:48 ..
drwxr-xr-x 1    0 0   0 Jun 28 17:01 lib
drwxr-xr-x 1    0 0 182 Jun 28 10:23 lib64
drwxr-xr-x 1 1006 0   0 Jul  8 16:05 sftp-share
drwxr-xr-x 1    0 0  16 Jun 28 10:23 usr
-bash-4.4$ pwd
/
-bash-4.4$ rsync --version
rsync  version 3.2.7  protocol version 31
...

@phillxnet
Member Author

An rpm was built using this PR's branch and, using the same SFTP export setup as in the prior comment, we have the resulting chroot for the given user (SFTP exported share owner):

rleap15-6:~ # tree /mnt3/sftp-user/
/mnt3/sftp-user/
├── lib
├── lib64
│   ├── ld-linux-x86-64.so.2
│   ├── libacl.so.1
│   ├── libattr.so.1
│   ├── libc.so.6
│   ├── libdl.so.2
│   ├── libreadline.so.7
│   └── libtinfo.so.6
├── sftp-share
└── usr
    ├── bin
    │   ├── bash
    │   ├── ls
    │   └── rsync
    └── lib64
        ├── libcap.so.2
        ├── libcrypto.so.3
        ├── liblz4.so.1
        ├── libpcre2-8.so.0
        ├── libpopt.so.0
        ├── libselinux.so.1
        ├── libslp.so.1
        ├── libz.so.1
        └── libzstd.so.1

6 directories, 19 files

I.e. the addition of ls and its additional libraries.

SFTP access retest (rpm install this time)

sftp sftp://sftp-user@rleap15-6.lan
Password: 
Connected to rleap15-6.lan.
sftp> ls -la
drwxr-xr-x    1 0        0              42 Jul  9 14:08 .
drwxr-xr-x    1 0        0              42 Jul  9 14:08 ..
drwxr-xr-x    1 0        0               0 Jul  9 14:08 lib
drwxr-xr-x    1 0        0             182 Jul  9 14:08 lib64
drwxr-xr-x    1 1006     0               0 Jul  8 16:05 sftp-share
drwxr-xr-x    1 0        0              16 Jul  9 14:08 usr
sftp> pwd
Remote working directory: /
sftp>

SSH access (default)

ssh sftp-user@rleap15-6.lan
Password: 
This service allows sftp connections only.
Connection to rleap15-6.lan closed.

Post by-hand ForceCommand line removal (and rockstor* service stop & start), followed by deleting and re-establishing the same SFTP share export:

tfo.write("\tForceCommand internal-sftp\n")

ssh sftp-user@rleap15-6.lan
Password: 
Have a lot of fun...
Last login: ...
-bash-4.4$ ls -la
total 0
drwxr-xr-x 1    0 0  42 Jul  9 14:20 .
drwxr-xr-x 1    0 0  42 Jul  9 14:20 ..
drwxr-xr-x 1    0 0   0 Jul  9 14:08 lib
drwxr-xr-x 1    0 0 182 Jul  9 14:08 lib64
drwxr-xr-x 1 1006 0   0 Jul  8 16:05 sftp-share
drwxr-xr-x 1    0 0  16 Jul  9 14:08 usr
-bash-4.4$ pwd
/
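
Building on the tree output in the comment above, here is an added example (not Rockstor's own code) of a small Python audit that runs the host's ldd against each chroot binary and reports shared libraries absent from the chroot, the kind of gap this PR closes for ls. It assumes the PR's layout (binaries under usr/bin, libraries under lib64 and usr/lib64) and constructs its sample ldd output and chroot listing inline.

```python
"""Audit an SFTP chroot laid out like the PR's tree output (added example,
not Rockstor code): binaries under usr/bin, libraries under lib64 and
usr/lib64. Assumes a host ldd printing "soname => /path (0x...)" lines."""
import os
import re
import subprocess

# Matches "libc.so.6 => /lib64/libc.so.6 (0x...)" and the bare loader line
# "/lib64/ld-linux-x86-64.so.2 (0x...)"; group 1 is the resolved host path.
_LDD_LINE = re.compile(r"^\s*(?:\S+\s+=>\s+)?(/\S+)\s+\(0x[0-9a-f]+\)")
# Constructed sample: ldd of /usr/bin/ls on a Leap 15 style host, and a
# chroot listing that forgot libcap (the ls dependency this PR copies in).
SAMPLE_LDD = """\
\tlinux-vdso.so.1 (0x00007ffd1b3f0000)
\tlibcap.so.2 => /usr/lib64/libcap.so.2 (0x00007f1a2c3b0000)
\tlibc.so.6 => /lib64/libc.so.6 (0x00007f1a2c000000)
\t/lib64/ld-linux-x86-64.so.2 (0x00007f1a2c5d0000)
"""
SAMPLE_CHROOT = {"usr/bin/ls", "lib64/libc.so.6", "lib64/ld-linux-x86-64.so.2"}

def parse_ldd(ldd_output: str) -> list:
    """Host paths of every resolved library; unresolved sonames kept as-is."""
    paths = []
    for line in ldd_output.splitlines():
        m = _LDD_LINE.match(line)
        if m:
            paths.append(m.group(1))
        elif "=> not found" in line:  # host lacks it too: still report it
            paths.append(line.split("=>")[0].strip())
    return paths

def missing_in_chroot(needed: list, chroot_files: set) -> list:
    """Needed libs absent from the chroot (chroot-relative file set). A lib
    counts as present at its host path or its usr-merged twin (/lib64/x <->
    /usr/lib64/x), matching the lib64 + usr/lib64 split in the tree above."""
    missing = []
    for path in needed:
        rel = path.lstrip("/")
        twin = rel[4:] if rel.startswith("usr/") else "usr/" + rel
        if rel not in chroot_files and twin not in chroot_files:
            missing.append(path)
    return missing

def audit_chroot(chroot_root: str, binaries=("bash", "ls", "rsync")) -> dict:
    """Run the host ldd on each chroot binary; map name -> missing libraries."""
    files = {os.path.relpath(os.path.join(d, n), chroot_root)
             for d, _, names in os.walk(chroot_root) for n in names}
    ldd = lambda b: subprocess.run(["ldd", "/usr/bin/" + b],
                                   capture_output=True, text=True).stdout
    return {b: missing_in_chroot(parse_ldd(ldd(b)), files) for b in binaries}
```

Running `audit_chroot("/mnt3/sftp-user")` on the host from the comment above would return an empty list per binary if every library the host's ldd reports is present in the chroot.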

@phillxnet phillxnet merged commit 83030d1 into rockstor:testing Jul 9, 2024
@phillxnet phillxnet deleted the 2863-SFTP-user-chroot-shell-path-update-&-ls-addition branch July 9, 2024 14:24