[CentOS] scp -rp behavior(SOLVED)

Valeri Galtsev galtsev at kicp.uchicago.edu
Sun Mar 1 17:23:14 UTC 2015 

On Sun, March 1, 2015 11:14 am, J Martin Rushton wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> <big snip>
>
>> Why "slash": /.thunderbird in case of your example? Because if you
>> do not specify absolute path beginning with / the ssh daemon
>> prepends your relative path with its `pwd` it runs in, and its
>> `pwd` is "/")
>
> Not so.  Consider:

Indeed you are right. My bad. It starts worker process as user=remote user
with pwd his home directory. Thanks for correcting the stupid idiot (which
will be me)

>
> $ ssh pi-1 pwd
> /home/jmr
>
> If you examine what is happening, the daemon creates an unprivileged
> process for the user, and that process performs the operation.  Were
> it to be otherwise you would have a gaping hole in security.
>
> $ ssh pi-1 ps -f
> UID        PID  PPID  C STIME TTY          TIME CMD
> jmr       3054  3050  0 04:22 ?        00:00:00 sshd: jmr at notty
> jmr       3055  3054  0 04:22 ?        00:00:00 ps -f
> $ ssh pi-1 ps -ef | grep ssh
> root      2432     1  0 Feb28 ?        00:00:00 /usr/sbin/sshd
> root      3056  2432  0 04:23 ?        00:00:00 sshd: jmr [priv]
> jmr       3060  3056  0 04:23 ?        00:00:00 sshd: jmr at notty
>
> The first command shows the unprivileged process shelling out the ps
> command as expected.  Note that the parent daemon is running as
> jmr at notty.  The second command shows master daemon, the privileged
> child to handle the connection and the unprivileged jmr at notty.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.22 (GNU/Linux)
>
> iQIcBAEBAgAGBQJU80j0AAoJEAF3yXsqtyBlr0EQAJNyKbeBSu0F22dqe+cIiTfl
> yydfgvCsqmg2xiAz4oQgiqHoYqjcj4XihnIclCmsrw+My4WAy5Yer59NVl/tVYPh
> n0YOAm2oobHTYL4rse/eeFUUga19JD1JAwCrs/k3GQwDXaoBf9PXcRAQBo4q44Mx
> peA7T9Fmb7eosz3xVS74hOeYFTPdOOMSr17ygGuyM9Q0vHgg3EyDUUPjotsp7eRe
> vr9eQI64DgPL1Q01BdZYqseHbLNxkCjL1tuDRy8Qzrj2i4S4JEPB8h8VJWVssoQw
> J6IqWz3hHi+9ecl5AX/jTdlgxUK7rhogMmQ7YanqA4MGCSZQkOmk7jz59ocD0S6q
> sswJVUOHbV1DVKCFR/G2SOfYecp9iIti5az58v4nPMzK/X8coB1ZeB9cZlKpGh94
> 2UU34UmynvgCSsw3THqS3QgTE4VtPAVtyLJWFjK+E+ilsJ6b84emEWoSZ/b7RhTg
> kADyr/xlmX6xXOUBQsME9ExfTVsKJv+wj02tFaxhEkup3bS2twAbRPprSy66TZXD
> 5OD8Nyz3lxSl1Z2qy7KzYhf3gY5gcYDXgtRPcNiM2sWOZTmoo+ZKJQVeVMyZ+inf
> 0Vls5joJrRi93XfVuWMijnT/A4aCAhbUBlPye7sX6uy96ButBsk/rAaolzNh1PdH
> Htsbqx50fPZbzNfyZ2BB
> =LGml
> -----END PGP SIGNATURE-----
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>


++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++

More information about the CentOS mailing list