Chroot SFTP on Solaris 10

Hi everyone,
Does anyone know how to implement chrooted sftp on Solaris 10? I found a very good article about this on the internet - http://www.brandonhutchinson.com/chroot_ssh.html.
But it deals with ssh from the open source community (OpenSSH). The ssh on Solaris 10 is provided by Sun as shown below:
# pkginfo |grep -i ssh
system SUNWsshcu SSH Common, (Usr)
system SUNWsshdr SSH Server, (Root)
system SUNWsshdu SSH Server, (Usr)
system SUNWsshr SSH Client and utilities, (Root)
system SUNWsshu SSH Client and utilities, (Usr)
Could anyone shed a light on how to chroot the ssh/sftp provided by Sun?
Best regards,
Alex Lai

The key part is to have the devices you need: null and log, at a minimum.
You can't create devices in a local zone: mknod says "not owner". Doesn't matter whether you zlogin or ssh in.
Instead, create the devices from the global zone in your zone's filesystem. Create all your directories within the zone.
If you have zone foo with its root /export/zone/foo and you have some home directory in the zone /export/home/chroot:
cd /export/zone/foo/root/export/home/chroot/dev
mknod log c 21 5
mknod null c 13 5
(I'm assuming you have the same major/minor as in my system; verify first with ls -l /dev/log and ls -l /dev/null )

Similar Messages

  • Sftp on Solaris 10 with ssh_config(5) support?

    Solaris 10 comes with sftp as part of its image. Underneath, it uses sun-ssh, which supports ssh_config(4).
    Are there any patches/upgrades out there that support ssh_config(5)?
    Thanks very much in advance for your help,
    pam


  • Chroot SFTP for virtual users

    Anyone tried this on Arch?
    http://www.minstrel.org.uk/papers/sftp/
    Basically allowing chrooted virtual users SFTP access (no users/shell access). I thought of switching completely to SFTP from FTP/SSL, but don't want to add a user for each virtual host.
    Last edited by phrozen (2013-08-24 15:54:51)

    To allow virtual users on the site, you need to add a SAML authenticator provider to the security realm. From the log, I don’t see that there is a SAML authenticator configured. This SAML authentication provider is used by SAMLIA to authenticate (in fact, it simply returns an authenticated identity) the virtual users.
    You should also pay attention to the control flags of the newly added SAML authenticator and your existing DefaultAtn provider. For example, the control flags can be set like this:
    SAML Authenticator - SUFFICIENT
    DefaultAtn - SUFFICIENT
    If DefaultAtn’s control flag is set to REQUIRED, “Virtual Users” will not work either.

  • Chroot SFTP to external volume - possible?

    Hello group:
    I've got SFTP set up with a chroot to a folder on my default internal drive. However, I'd like to map this to an external volume, but when I make the change in sshd_config, I get a permissions error in the system log. As I understand it, there are restrictions on what the permissions should be for a chrooted session, so how would one configure a chroot to an external volume? Any ideas?
    This is the error I get:
    sshd[37865]: fatal: bad ownership or modes for chroot directory component "/Volumes/"
    Thanks!
    -Marty

    MrHoffman:
    Thanks for the reply. I understand that sftp is essentially ssh and I have it working in a folder off a folder in the users home folder (/users/sftptest/chroottest). However, I want to change this to a folder on an external volume (/volumes/myexternaldrive/somefolder). This is where things stop working and I get the error. Now, from what I understand for chroot to function,  the chroot directory has to be owned by root and there can't be any group-write access. My question is how can this be possible with an external volume if part of the path contains the /volumes folder?
    Thanks!

  • Solaris 10 Openssh v5.3p1 sftp chroot works but denied permission

    Hi all, I have been working for 3 days to make chroot work on Solaris 10 with openssh v5.3p1 using http://www.minstrel.org.uk/papers/sftp/builtin/ methods. All looks great, I can open an sftp session but when I try to write I get permission denied messages. I just can't find what I am doing wrong. I have totally removed Sun ssh from the box and compiled openssh. I followed minstrel to the letter. I have tried winscp and other sftp clients, all with the same error: permission denied from server.
    Following is an openssh debug output that may help. As best I can read it, it appears that all is working.
    Sorry I had to delete some of the debug due to the 7500- character rule.
    Thanks for any help anyone can provide.
    Tom
    bash-3.00# /usr/local/sbin/sshd -p 22 -D -ddd -e
    debug2: load_server_config: filename /usr/local/etc/sshd_config
    debug2: load_server_config: done config len = 249
    debug2: parse_server_config: config /usr/local/etc/sshd_config len 249
    debug3: /usr/local/etc/sshd_config:113 setting Subsystem sftp internal-sftp
    debug3: checking syntax for 'Match Group sftponly'
    deleted
    debug1: rexec_argv[0]='/usr/local/sbin/sshd'
    debug1: rexec_argv[1]='-p'
    debug1: rexec_argv[2]='22'
    debug1: rexec_argv[3]='-D'
    debug1: rexec_argv[4]='-ddd'
    debug1: rexec_argv[5]='-e'
    debug2: fd 4 setting O_NONBLOCK
    debug2: parse_server_config: config rexec len 249
    debug3: rexec:113 setting Subsystem sftp internal-sftp
    debug3: checking syntax for 'Match Group sftponly'
    debug1: sshd version sshp1
    debug1: Local version string SSH-2.0-ssh
    debug2: fd 4 setting O_NONBLOCK
    debug2: Network child is on pid 13650
    debug3: Trying to reverse map address 172.31.81.200.
    debug2: parse_server_config: config reprocess config len 249
    debug3: checking match for 'Group sftponly' user lefler host x4500e0 addr 172.31.81.200
    debug1: user lefler matched group list sftponly at line 122
    debug3: match found
    debug3: reprocess config:123 setting ChrootDirectory %h
    debug3: reprocess config:124 setting ForceCommand internal-sftp
    debug3: reprocess config:125 setting AllowTcpForwarding no
    debug3: auth_shadow_acctexpired: today 14860 sp_expire -1 days left -14861
    debug3: account expiration disabled
    Accepted password for lefler from 172.31.81.200 port 35932 ssh2
    debug3: mm_auth_password: user authenticated
    debug1: monitor_child_preauth: lefler has been authenticated by privileged process
    debug3: mm_get_keystate: Waiting for new keys
    debug3: mm_request_receive_expect entering: type 24
    debug3: mm_request_receive entering
    debug3: mm_send_keystate: Sending new keys: 80ce730 80ce668
    debug3: mm_newkeys_to_blob: converting 80ce730
    debug3: mm_newkeys_to_blob: converting 80ce668
    debug3: mm_send_keystate: New keys have been sent
    debug3: mm_send_keystate: Sending compression state
    debug3: mm_request_send entering: type 24
    debug3: mm_send_keystate: Finished sending state
    debug3: mm_newkeys_from_blob: 80ce110(118)
    debug2: mac_setup: found hmac-md5
    debug3: mm_get_keystate: Waiting for second key
    debug3: mm_newkeys_from_blob: 80ce110(118)
    debug2: mac_setup: found hmac-md5
    debug3: mm_get_keystate: Getting compression state
    debug3: mm_get_keystate: Getting Network I/O buffers
    debug3: mm_share_sync: Share sync
    debug3: mm_share_sync: Share sync end
    User child is on pid 13651
    debug3: mm_request_receive entering
    debug3: safely_chroot: checking '/'
    debug3: safely_chroot: checking '/export/'
    debug3: safely_chroot: checking '/export/home/'
    debug3: safely_chroot: checking '/export/home/lefler/'
    debug3: safely_chroot: checking '/export/home/lefler/./'
    debug3: safely_chroot: checking '/export/home/lefler/./'
    Changed root directory to "/export/home/lefler/./"
    debug1: permanently_set_uid: 1015/3001
    debug2: set_newkeys: mode 0
    debug2: set_newkeys: mode 1
    debug1: Entering interactive session for SSH2.
    debug2: fd 5 setting O_NONBLOCK
    debug2: fd 6 setting O_NONBLOCK
    debug1: server_init_dispatch_20
    debug1: server_input_channel_open: ctype session rchan 0 win 2097152 max 32768
    debug1: input_session_request
    debug1: channel 0: new [server-session]
    debug2: session_new: allocate (allocated 0 max 10)
    debug3: session_unused: session id 0 unused
    debug1: session_new: session 0
    debug1: session_open: channel 0
    debug1: session_open: session 0: link with channel 0
    debug1: server_input_channel_open: confirm session
    debug1: server_input_channel_req: channel 0 request subsystem reply 1
    debug1: session_by_channel: session 0 channel 0
    debug1: session_input_channel_req: session 0 req subsystem
    subsystem request for sftp
    debug1: subsystem: internal-sftp
    debug1: Forced command (config) 'internal-sftp'
    debug2: fd 4 setting TCP_NODELAY
    debug2: fd 10 setting O_NONBLOCK
    debug2: fd 9 setting O_NONBLOCK
    debug1: do_cleanup

    what you have to do is create a dir where the user can upload to that they own. it can't be the root dir that you set to chroot to. so if the home dir is --> /export/home/lefler
    make a dir like --> /export/home/lefler/upload
    then
    chown lefler /export/home/lefler/upload
    and then see if things work writing to that dir.
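
Added example, not part of the thread: the `safely_chroot` lines in the debug output above, and the "bad ownership or modes for chroot directory" errors quoted in other threads on this page, come from sshd checking that every component of the ChrootDirectory path is a root-owned directory that is not group- or world-writable. The script below repeats that walk using `ls -ldnL`; the function names and the optional owner-uid and start-directory arguments are assumptions made for this example so that it can be tried on a scratch tree without root.

```sh
#!/bin/sh
# Added example (not from the thread). Repeats sshd's safely_chroot walk:
# every component of the ChrootDirectory path must be a directory owned by
# root and not writable by group or others.

# check_component DIR UID
# Prints the reason and returns 1 if DIR would be rejected.
check_component() {
    dir=$1
    uid=$2
    [ -d "$dir" ] || { echo "not-a-directory"; return 1; }
    # -n prints the numeric owner, -L follows symlinks as stat() does.
    # The mode string and uid are parsed from ls output because Solaris 10
    # has no stat(1) command.
    ls_out=$(ls -ldnL "$dir") || { echo "cannot-stat"; return 1; }
    set -f; set -- $ls_out; set +f
    mode=$1
    owner=$3
    [ "$owner" = "$uid" ] || { echo "owner-uid-$owner"; return 1; }
    case $mode in
        ?????w*)    echo "group-writable"; return 1 ;;   # 6th char: g+w
        ????????w*) echo "world-writable"; return 1 ;;   # 9th char: o+w
    esac
    return 0
}

# check_chroot_path PATH [OWNER_UID] [START]
#   OWNER_UID  uid every component must have (default 0, what sshd requires)
#   START      directory at which the walk begins (default /)
# The two optional arguments are hypothetical conveniences for this example.
# Prints "OK <path>" or "BAD <component> <reason>"; returns 0 or 1.
check_chroot_path() {
    target=$1
    want_uid=${2:-0}
    start=${3:-/}

    case $target in
        /*) ;;
        *) echo "BAD $target not-absolute"; return 1 ;;
    esac

    cur=${start%/}                 # "" when START is /
    case $target in
        "$cur"|"$cur"/*) ;;
        *) echo "BAD $target not-under-$start"; return 1 ;;
    esac
    rest=${target#"$cur"}

    # First the starting directory itself, then one component at a time,
    # stopping at the first one that fails, as sshd does.
    reason=$(check_component "${cur:-/}" "$want_uid") ||
        { echo "BAD ${cur:-/} $reason"; return 1; }

    old_ifs=$IFS
    IFS=/
    set -f; set -- $rest; set +f
    IFS=$old_ifs

    for part in "$@"; do
        [ -n "$part" ] || continue
        cur=$cur/$part
        reason=$(check_component "$cur" "$want_uid") ||
            { echo "BAD $cur $reason"; return 1; }
    done
    echo "OK $target"
}

# When the script is given arguments, check that path,
# e.g. sh check_chroot.sh /export/home/lefler
[ $# -eq 0 ] || check_chroot_path "$@"
```

A path that passes this check is by design not writable by the chrooted user, which is why uploads need a user-owned subdirectory below it, as the reply above describes.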

  • SFTP chroot from non-global zone to zfs pool

    Hi,
    I am unable to create an SFTP chroot inside a zone to a shared folder on the global zone.
    Inside the global zone:
    I have created a zfs pool (rpool/data) and then mounted it to /data.
    I then created some shared folders: /data/sftp/ipl/import and /data/sftp/ipl/export
    I then created a non-global zone and added a file system that loops back to /data.
    Inside the zone:
    I then did the usual stuff to create a chroot sftp user, similar to: http://nixinfra.blogspot.com.au/2012/12/openssh-chroot-sftp-setup-in-linux.html
    I modified the /etc/ssh/sshd_config file and hard wired the ChrootDirectory to /data/sftp/ipl.
    When I attempt to sftp into the zone an error message is displayed in the zone -> fatal: bad ownership or modes for chroot directory /data/
    Multiple web sites warn that folder ownership and access privileges are important. However, issuing chown -R root:iplgroup /data made no difference. Perhaps it is something to do with the fact the folders were created in the global zone?
    If I create a simple shared folder inside the zone it works, e.g. /data3/ftp/ipl......ChrootDirectory => /data3/ftp/ipl
    If I use the users home directory it works. eg /export/home/sftpuser......ChrootDirectory => %h
    FYI. The reason for having a ZFS shared folder is to allow separate SFTP and FTP zones and a common/shared data repository for FTP and SFTP exchanges with remote systems. e.g. One remote client pushes data to the FTP server. A second remote client pulls the data via SFTP. Having separate zones increases security?
    Any help would be appreciated to solve this issue.
    Regards John

    sanjaykumarfromsymantec wrote:
    Hi,
    I want to do IPC between inter-zones (communication between processes running in two different zones). So what are the different techniques that can be used? I am not interested in TCP/IP (AF_INET) sockets.
    Zones are designed to prevent most visibility between non-global zones and other zones. So network communication (like you might use between two physical machines) is the most common method.
    You could mount a global zone filesystem into multiple non-global zones (via lofs) and have your programs push data there. But you'll probably have to poll for updates. I'm not certain that's easier or better than network communication.
    Darren

  • Anonymous ftp

    I'm running Solaris 8 on an Ultra 5. I want to create an anonymous ftp server. Can someone tell me the steps on how to do it, or if they have a web site where they show how to create one?

    several web sites can apply... btw, you should have posted this to the sysop area as you've said in your post you've got solaris 8...
    a quick search of google
    anonymous ftp solaris setup
    yielded...
    http://www.dbaoncall.net/references/ht_setup_ftp.html
    http://stone.backrush.com/sunfaq/lmh032.html
    You may also want to look at a hardened approach and check for how to setup a chroot environment on solaris (there was a post a week or two back with this question)
    hth

  • New user in solaris 11 to allow sftp only

    We want to create new user and enable following
    1. this user should be able to use only SFTP, SSH shall not be allowed
    2. this user should not be able to go to any other directory

    Hello
    I think this doc can help with point 2. But the ssh won't be able to go out of the chroot directory
    How to setup a chroot ssh/sftp environment in Solaris 10 (Doc ID 1399023.1)
    Regards
    Eze

  • Sftp to chrooted directory?

    Hello,
    I'm running Solaris 9 and I have used ftpconfig to set up some chrooted accounts for anonymous ftp.
    One of my business partners claim that they have to use sftp to transmit their data. But I can't get sftp to work with one of these chrooted accounts.
    Is sftp supported in this configuration?
    Any suggestions on correct configuration.

    Hi Mani
    Since your inbound IDOC is not synchronous , the main challenge will be returning the purchase order number from ECC.
    So if you want the ECC to return the purchase order number, then you can think of using Proxy instead of IDOC. It is very easy to use proxy in case of a synchronous requirement.
    Or you can modify the existing IDOC program so that it will create one asynchronous proxy to send back the purchase order from ECC.
    You will need one additional scenario for second approach.

  • Syslog and sftp chroot

    I'm configuring sftp (patched openssh with sftplogging and chroot) but I have problems with logging.
    The sftplogging site hints to create chroot/dev/log in the chrooted environment and launch syslogd -a chroot/dev/log, but Solaris syslogd doesn't have the -a option.
    Is there an alternative way or must I install syslog-ng?

    Can you post sshd_config.
    Edit: It's probably NOT client side. It's a chroot environment (which I had totally misread.) So this has to be a server side misconfiguration. Sorry, it's late
    Last edited by Minsc (2014-06-19 03:14:28)

  • Solaris 8 on chroot in Solaris 10

    I've copied all necessary Sol8 system files to a machine with Sol10. After executing "chroot /home/chroot/sol8 /bin/bash" almost everything is OK except running programs which need the "libthread.so.1" library (for example java). These programs cause the error: "_sys_thread_create() failed, errno = 22".
    bash-3.00#uname -a
    SunOS xxxx 5.10 Generic_118822-25 sun4u sparc SUNW,Sun-Fire-480R
    bash-3.00# mount -F proc proc /home/chroot/sol8/proc
    bash-3.00# mount -F fd /dev/fd /home/chroot/sol8/dev/fd
    bash-3.00# chroot /home/chroot/sol8 /bin/bash
    bash-2.05b#
    bash-2.05b# ldd /usr/bin/java
    libthread.so.1=> /usr/j2re1.4.1/bin/../../../lib/sparcv9/libthread.so.1
    libdl.so.1 => /usr/j2re1.4.1/bin/../../../lib/sparcv9/libdl.so.1
    libc.so.1 => /usr/j2re1.4.1/bin/../../../lib/sparcv9/libc.so.1
    /usr/platform/SUNW,Sun-Fire-480R/lib/sparcv9/libc_psr.so.1
    bash-2.05b# /usr/bin/java
    systhread_create() failed, errno = 22
    The "libthread.so.1" file is dated on 19th may 06 (patch no. 108993-57)
    Other machine with native Sol8 does not have such problem.
    Can anyone explain to me what "errno=22" means?
    Best regards.
    Tom

    We have a lot of machines with Solaris 8 at our customer which cannot be upgraded in the near future (for some security reasons). I've decided to install Solaris 10 on our development server (V480) but we have to produce binaries (applications and libraries) which will be running in a "clean" Sol8 environment.
    The best solution would be to prepare a temporary Sol8 environment on our server until the customer upgrades their own machines to Sol10.
    In reference to the "Dynamic System Domains" option:
    We are using a Sun-Fire V480 server, not a Sunfire 6800 - is that option applicable to such servers (V480)?

  • Openssh 3.18.1 on Solaris 8: sftp connection closed

    Hi, to setup a secure environment for file transfer, I have installed the following packages in my solaris 8.
    - openssh-3.8
    - openssl-0.9.7d-Solaris8-local
    - prngd-0.9.26-Solaris8-local
    - tcpwrappers-7.6-Solaris8-local
    - zlib-1.2.1-Solaris8-local
    I do not have any problem with SSH but I kept getting Connection Closed when I tried to sftp or scp into my Solaris 8. I have verified the user info is correct but have really no idea what is the problem. Following is the debug output from a windows client to my solaris 8:
    C:\>sftp -v [email protected]
    Connecting to 172.18.5.100...
    OpenSSH_3.8.1p1, OpenSSL 0.9.7d 17 Mar 2004
    debug1: Reading configuration data /etc/ssh_config
    debug1: Connecting to 172.18.5.100 [172.18.5.100] port 22.
    debug1: Connection established.
    debug1: identity file /home/derrence/.ssh/id_rsa type -1
    debug1: identity file /home/derrence/.ssh/id_dsa type -1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_3.8.1p1
    debug1: match: OpenSSH_3.8.1p1 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_3.8.1p1
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-cbc hmac-md5 none
    debug1: kex: client->server aes128-cbc hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Host '172.18.5.100' is known and matches the RSA host key.
    debug1: Found key in /home/derrence/.ssh/known_hosts:1
    debug1: ssh_rsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug1: Next authentication method: publickey
    debug1: Trying private key: /home/derrence/.ssh/id_rsa
    debug1: Trying private key: /home/derrence/.ssh/id_dsa
    debug1: Next authentication method: keyboard-interactive
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug1: Next authentication method: password
    [email protected]'s password:
    debug1: Authentication succeeded (password).
    debug1: channel 0: new [client-session]
    debug1: Entering interactive session.
    debug1: Sending subsystem: sftp
    debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
    debug1: channel 0: free: client-session, nchannels 1
    debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.1 seconds
    debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
    debug1: Exit status 137
    It exited with a Status 137. Can anyone advise on this problem? I've been trying to google around but to no avail. pls help. thanks

    I am also getting a similar error w.r.t sftp on Solaris 9.
    openSSH 0.9.8
    ./sftp -v [email protected]
    Connecting to 10.205.254.118...
    OpenSSH_4.0p1, OpenSSL 0.9.7e 25 Oct 2004
    debug1: Reading configuration data /usr/local/etc/ssh_config
    debug1: Applying options for *
    debug1: Connecting to 10.205.254.118 [10.205.254.118] port 22.
    debug1: Connection established.
    debug1: read PEM private key done: type DSA
    debug1: read PEM private key done: type RSA
    debug1: permanently_set_uid: 0/0
    debug1: identity file /.ssh/id_rsa type -1
    debug1: identity file /.ssh/id_dsa type -1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_4.0
    debug1: match: OpenSSH_4.0 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_4.0
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-cbc hmac-md5 none
    debug1: kex: client->server aes128-cbc hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Host '10.205.254.118' is known and matches the RSA host key.
    debug1: Found key in /usr/local/etc/ssh_known_hosts:2
    debug1: ssh_rsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: password,hostbased
    debug1: Next authentication method: hostbased
    debug1: Remote: Ignoring wild host/user names in /etc/hosts.equiv.
    debug1: Authentications that can continue: password,hostbased
    debug1: Remote: Ignoring wild host/user names in /etc/hosts.equiv.
    debug1: Authentications that can continue: password,hostbased
    debug1: No more client hostkeys for hostbased authentication.
    debug1: Next authentication method: password
    [email protected]'s password:
    debug1: Authentication succeeded (password).
    debug1: channel 0: new [client-session]
    debug1: Entering interactive session.
    debug1: Sending subsystem: sftp
    debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
    debug1: channel 0: free: client-session, nchannels 1
    debug1: fd 0 clearing O_NONBLOCK
    debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 4.6 seconds
    debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
    debug1: Exit status 2
    Connection closed
    what might be the possible cause?

  • Solaris 10: BIND 9 Chroot Service fails to start with SVCADM but works when

    I recently upgraded with Solaris patches and after the reboot my Bind Named services (DNS) go into maintenance mode.
    bash-3.2# svcs -xv
    svc:/network/dns/server:chroot (?)
    State: maintenance since Thu Nov 01 00:22:19 2012
    Reason: Start method failed repeatedly, last exited with status 1.
    See: http://sun.com/msg/SMF-8000-KS
    See: man -M /usr/man -s 1M named
    See: /var/svc/log/network-dns-server:chroot.log
    Impact: This service is not running.
    Output from var/svc/log/network-dns-server:chroot.log below
    [ Nov 1 00:22:19 Executing start method ("/lib/svc/method/dns-server start chroot") ]
    dns-server: Executing: named -t /var/named/chroot/named -c /etc/named.conf
    /lib/svc/method/dns-server: named: cannot execute
    dns-server : start failed! Check syslog for further information.
    [ Nov 1 00:22:19 Method "start" exited with status 1 ]
    I can run named -t /var/named/chroot/named -c /etc/named.conf manually as root from the command line, and the named process starts and DNS works.
    I thought this had something to do with permissions/file ownership or something like that. I have tried changing (chown/chgrp)the /var/named/chroot/named directory to root root and named root. I also did the same with the /var/named/chroot/named/named binary. I also tried the same types of things with the /etc/named.conf file. So far no luck.
    Any suggestions on how to figure this out would be greatly appreciated.

    Just read the mentioned thread because the answer is in it and duplicating that seems useless. Don't make it seem like you want the answer to be presented on a silver plate

  • Bind 9 DNS Server chroot cannot work on Solaris 10 u6 and u7

    My old version "Solaris 10 x86 Generic_Patch_118844-30" can run "Bind 9 DNS Server" in chroot mode.
    And there is no problem.
    I have been trying to use "Bind 9 DNS Server" on Solaris 10 x86 u6 or u7.
    There is no problem with that.
    But when I switch it to run in chroot mode, "Bind 9 DNS Server" cannot run.
    I have manually run named:
    /usr/sbin/named -c /etc/named.conf -t /chroot/dns -u named -f -g
    The response is:
    13-May-2009 02:17:46.623 starting BIND 9.3.6-P1 -c /etc/named.conf -t /chroot/dns -u named -f -g
    13-May-2009 02:17:46.624 found 1 CPU, using 1 worker thread
    13-May-2009 02:17:46.627 socket.c:3259: unexpected error:
    13-May-2009 02:17:46.627 open(/dev/poll) failed: No such file or directory
    13-May-2009 02:17:46.628 ./main.c:495: unexpected error:
    13-May-2009 02:17:46.628 isc_socketmgr_create() failed: file not found
    13-May-2009 02:17:46.629 create_managers() failed: unexpected error
    13-May-2009 02:17:46.629 exiting (due to early fatal error)
    It looks like Bind 9 running in chroot mode cannot find /dev/poll
    Even if I use Bind 9 version 9.6.0, the result is the same.
    So I'm not sure whether the problem is Bind 9 or Solaris 10 u6/u7.
    I went on to install the new version of Bind 9 on my old version of Solaris 10.
    The result is no problem at all on the old version of Solaris 10.
    And I have already bypassed the SMF problem.
    Can anyone tell me what the problem is in Solaris 10 u6/u7?

    Looks like someone reported a similar bug:
    BIND fails to start: http://bugs.opensolaris.org/view_bug.do%3Bjsessionid=376e1152f0ddc75829ed1725542e?bug_id=6799867
    but I am somewhat puzzled why there is no follow up on the bug fixing.
    Ok, I found the source (may be?):
    From named:
    http://src.opensolaris.org/source/xref/sfw/usr/src/cmd/bind/bind-9.3.6-P1/bin/named/main.c
        462 static isc_result_t
        463 create_managers(void) {
        464      isc_result_t result;
        465      unsigned int socks;
        466
        467 #ifdef ISC_PLATFORM_USETHREADS
        468      if (ns_g_cpus == 0)
        469           ns_g_cpus = ns_g_cpus_detected;
        470      isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER,
        471                 ISC_LOG_INFO, "found %u CPU%s, using %u worker thread%s",
        472                 ns_g_cpus_detected, ns_g_cpus_detected == 1 ? "" : "s",
        473                 ns_g_cpus, ns_g_cpus == 1 ? "" : "s");
        474 #else
        475      ns_g_cpus = 1;
        476 #endif
        477      result = isc_taskmgr_create(ns_g_mctx, ns_g_cpus, 0, &ns_g_taskmgr);
        478      if (result != ISC_R_SUCCESS) {
        479           UNEXPECTED_ERROR(__FILE__, __LINE__,
        480                      "isc_taskmgr_create() failed: %s",
        481                      isc_result_totext(result));
        482           return (ISC_R_UNEXPECTED);
        483      }
        484
        485      result = isc_timermgr_create(ns_g_mctx, &ns_g_timermgr);
        486      if (result != ISC_R_SUCCESS) {
        487           UNEXPECTED_ERROR(__FILE__, __LINE__,
        488                      "isc_timermgr_create() failed: %s",
        489                      isc_result_totext(result));
        490           return (ISC_R_UNEXPECTED);
        491      }
        492
        493      result = isc_socketmgr_create2(ns_g_mctx, &ns_g_socketmgr, maxsocks);===========================> here. (notice the error message and the actual function called are not the same).
        494      if (result != ISC_R_SUCCESS) {
        495           UNEXPECTED_ERROR(__FILE__, __LINE__,
        496                      "isc_socketmgr_create() failed: %s",
        497                      isc_result_totext(result));
        498           return (ISC_R_UNEXPECTED);
        499      }
        500      result = isc_socketmgr_getmaxsockets(ns_g_socketmgr, &socks);
        501      if (result == ISC_R_SUCCESS) {
        502           isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
        503                      NS_LOGMODULE_SERVER,
        504                      ISC_LOG_INFO, "using up to %u sockets", socks);
        505      }
        506
        507      result = isc_entropy_create(ns_g_mctx, &ns_g_entropy);
        508      if (result != ISC_R_SUCCESS) {
        509           UNEXPECTED_ERROR(__FILE__, __LINE__,
        510                      "isc_entropy_create() failed: %s",
        511                      isc_result_totext(result));
        512           return (ISC_R_UNEXPECTED);
        513      }
        514
        515      result = isc_hash_create(ns_g_mctx, ns_g_entropy, DNS_NAME_MAXWIRE);
        516      if (result != ISC_R_SUCCESS) {
        517           UNEXPECTED_ERROR(__FILE__, __LINE__,
        518                      "isc_hash_create() failed: %s",
        519                      isc_result_totext(result));
        520           return (ISC_R_UNEXPECTED);
        521      }
        522
        523      return (ISC_R_SUCCESS);
        524 }
    And in isc_socketmgr_create2():
       3384 isc_result_t
       3385 isc_socketmgr_create2(isc_mem_t *mctx, isc_socketmgr_t **managerp,
       3386                 unsigned int maxsocks)
       3387 {
    <SNIP>
       3488
       3489      /*
       3490       * Set up initial state for the select loop
       3491       */
       3492      result = setup_watcher(mctx, manager);===============================>will call open() on /dev/poll.
       3493      if (result != ISC_R_SUCCESS)
       3494           goto cleanup;
       3495      memset(manager->fdstate, 0, manager->maxsocks * sizeof(int));
    Other than the above, I cannot really understand or help further. But I know it should fail somewhere in setup_watcher() in socket.c.

  • SFTP logs on Solaris 10

    Hi,
    We are running ProFTPd as SFTP (and FTP) Server on Solaris 10.
    I could enable logs in ProFTPd to capture ALL events (including access, file transfer, authentication etc.). Now I need to enable ALL the logs for SFTP transactions also. I am getting only FTP transactions in the ProFTPd logs.
    Please advise.
    TIA
    Prvn

    "proftp as sftp" made me think diff...
    see this: [http://forum.java.sun.com/thread.jspa?threadID=5090499&start=0]
    it ref sol 9, however the steps for 10 should be the same or build openssh and use: [http://sftpfilecontrol.sourceforge.net/]
