[CentOS] scp -rp behavior(SOLVED)

J Martin Rushton martinrushton56 at btinternet.com
Sun Mar 1 17:14:29 UTC 2015 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

<big snip>

> Why "slash": /.thunderbird in case of your example? Because if you
> do not specify absolute path beginning with / the ssh daemon
> prepends your relative path with its `pwd` it runs in, and its
> `pwd` is "/")

Not so.  Consider:

$ ssh pi-1 pwd
/home/jmr

If you examine what is happening, the daemon creates an unprivileged
process for the user, and that process performs the operation.  Were
it to be otherwise you would have a gaping hole in security.

$ ssh pi-1 ps -f
UID        PID  PPID  C STIME TTY          TIME CMD
jmr       3054  3050  0 04:22 ?        00:00:00 sshd: jmr at notty
jmr       3055  3054  0 04:22 ?        00:00:00 ps -f
$ ssh pi-1 ps -ef | grep ssh
root      2432     1  0 Feb28 ?        00:00:00 /usr/sbin/sshd
root      3056  2432  0 04:23 ?        00:00:00 sshd: jmr [priv]
jmr       3060  3056  0 04:23 ?        00:00:00 sshd: jmr at notty

The first command shows the unprivileged process shelling out the ps
command as expected.  Note that the parent daemon is running as
jmr at notty.  The second command shows master daemon, the privileged
child to handle the connection and the unprivileged jmr at notty.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQIcBAEBAgAGBQJU80j0AAoJEAF3yXsqtyBlr0EQAJNyKbeBSu0F22dqe+cIiTfl
yydfgvCsqmg2xiAz4oQgiqHoYqjcj4XihnIclCmsrw+My4WAy5Yer59NVl/tVYPh
n0YOAm2oobHTYL4rse/eeFUUga19JD1JAwCrs/k3GQwDXaoBf9PXcRAQBo4q44Mx
peA7T9Fmb7eosz3xVS74hOeYFTPdOOMSr17ygGuyM9Q0vHgg3EyDUUPjotsp7eRe
vr9eQI64DgPL1Q01BdZYqseHbLNxkCjL1tuDRy8Qzrj2i4S4JEPB8h8VJWVssoQw
J6IqWz3hHi+9ecl5AX/jTdlgxUK7rhogMmQ7YanqA4MGCSZQkOmk7jz59ocD0S6q
sswJVUOHbV1DVKCFR/G2SOfYecp9iIti5az58v4nPMzK/X8coB1ZeB9cZlKpGh94
2UU34UmynvgCSsw3THqS3QgTE4VtPAVtyLJWFjK+E+ilsJ6b84emEWoSZ/b7RhTg
kADyr/xlmX6xXOUBQsME9ExfTVsKJv+wj02tFaxhEkup3bS2twAbRPprSy66TZXD
5OD8Nyz3lxSl1Z2qy7KzYhf3gY5gcYDXgtRPcNiM2sWOZTmoo+ZKJQVeVMyZ+inf
0Vls5joJrRi93XfVuWMijnT/A4aCAhbUBlPye7sX6uy96ButBsk/rAaolzNh1PdH
Htsbqx50fPZbzNfyZ2BB
=LGml
-----END PGP SIGNATURE-----

More information about the CentOS mailing list