FreshPorts -- The Place For Ports If you buy from Amazon USA, please support us by using this link.
Follow us
Blog
Twitter

I am looking for an LTO tape library. Do you have one to spare?
Port details
scponly 4.8.20110526_1 shells on this many watch lists=40 search for ports that depend on this port An older version of this port was marked as vulnerable.
Tiny shell that only permits scp and sftp
Maintained by: gjb@FreeBSD.org search for ports maintained by this maintainer
Port Added: 10 Sep 2002 22:19:03
Also Listed In: security
License: not specified in port


[Excerpted from the README:]  "scponly" is an alternative "shell" (of sorts)
for system administrators who would like to provide access to remote users to
both read and write local files without providing any remote execution
privileges.  Functionally, it is best described as a wrapper to the
tried-and-true ssh suite.

scponly validates remote requests by examining the third argument passed to the
shell upon login.  (The first argument is the shell itself, and the second is
-c.)  The only commands allowed are "scp", "sftp-server" and "ls".  Arguments
to these commands are passed along unmolested.

WWW: https://github.com/scponly/scponly/wiki
SVNWeb : Main Web Site : Distfiles Availability : PortsMon

NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.

Required To Build:
  1. security/openssh-portable
Required To Run:
  1. security/openssh-portable
There are no ports dependent upon this port

To install the port: cd /usr/ports/shells/scponly/ && make install clean
To add the package: pkg install shells/scponly


Configuration Options
===> The following configuration options are available for scponly-4.8.20110526_1:
     CHROOT=off: chroot(8) functionality
     DEFAULT_CHDIR=off: Chdir(2) by default
     DOCS=on: Build and/or install documentation
     GFTP=off: gftp support
     RSYNC=off: rsync support
     SCP=off: vanilla scp support
     SVN=off: Subversion support
     SVNSERVE=off: Suversion support for svn+ssh://
     UNISON=off: Unisson support
     WILDCARDS=on: Wildcards processing
     WINSCP=off: WinSCP support
===> Use 'make config' to modify these settings

Master Sites:
  1. http://aarnet.dl.sourceforge.net/project/scponly/scponly-snapshots/
  2. http://distcache.FreeBSD.org/ports-distfiles/
  3. http://downloads.sourceforge.net/project/scponly/scponly-snapshots/
  4. http://freefr.dl.sourceforge.net/project/scponly/scponly-snapshots/
  5. http://garr.dl.sourceforge.net/project/scponly/scponly-snapshots/
  6. http://heanet.dl.sourceforge.net/project/scponly/scponly-snapshots/
  7. http://hivelocity.dl.sourceforge.net/project/scponly/scponly-snapshots/
  8. http://ignum.dl.sourceforge.net/project/scponly/scponly-snapshots/
  9. http://internode.dl.sourceforge.net/project/scponly/scponly-snapshots/
  10. http://iweb.dl.sourceforge.net/project/scponly/scponly-snapshots/
  11. http://jaist.dl.sourceforge.net/project/scponly/scponly-snapshots/
  12. http://kaz.dl.sourceforge.net/project/scponly/scponly-snapshots/
  13. http://kent.dl.sourceforge.net/project/scponly/scponly-snapshots/
  14. http://master.dl.sourceforge.net/project/scponly/scponly-snapshots/
  15. http://nchc.dl.sourceforge.net/project/scponly/scponly-snapshots/
  16. http://ncu.dl.sourceforge.net/project/scponly/scponly-snapshots/
  17. http://netcologne.dl.sourceforge.net/project/scponly/scponly-snapshots/
  18. http://sunet.dl.sourceforge.net/project/scponly/scponly-snapshots/
  19. http://superb-dca3.dl.sourceforge.net/project/scponly/scponly-snapshots/
  20. http://switch.dl.sourceforge.net/project/scponly/scponly-snapshots/
  21. http://tenet.dl.sourceforge.net/project/scponly/scponly-snapshots/
  22. http://ufpr.dl.sourceforge.net/project/scponly/scponly-snapshots/
  23. http://waix.dl.sourceforge.net/project/scponly/scponly-snapshots/

Number of commits found: 56

Commit History - (may be incomplete: see SVNWeb link above for full details)
DateByDescription
01 Jul 2014 07:04:48
Original commit files touched by this commit  4.8.20110526_1
Revision:359963
eadler search for other commits by this committer
multiple: avoid RUN_DEPENDS=${BUILD_DEPENDS} anti-pattern
	The ports infrastructure may insert additional content into the
	BUILD_DEPENDS variable which is not supposed to be a run depend.

Approved by:	portmgr (bapt)
20 Jun 2014 00:09:20
Original commit files touched by this commit  4.8.20110526_1
Revision:358479
adamw search for other commits by this committer
Use the USES=tar:... variants.
11 Jun 2014 17:42:36
Original commit files touched by this commit  4.8.20110526_1
Revision:357511
bapt search for other commits by this committer
Add an @shell keyword to handle adding and remove a shell path in /etc/shell
Bump port revision of all ports that were doing it wrong prior to the keyword

CR:		D208
Reviewed by:	antoine
With hat:	portmgr
15 Mar 2014 14:50:08
Original commit files touched by this commit  4.8.20110526_1
Revision:348329
girgen search for other commits by this committer
correct misuse of X_CONFIGURE_ENABLE
06 Mar 2014 17:56:20
Original commit files touched by this commit  4.8.20110526_1
Revision:347288
bapt search for other commits by this committer
Support stage
Use options helpers
20 Sep 2013 22:57:24
Original commit files touched by this commit  4.8.20110526_1
Revision:327770
bapt search for other commits by this committer
Add NO_STAGE all over the place in preparation for the staging support (cat:
shells)
01 May 2013 21:52:05
Original commit files touched by this commit  4.8.20110526_1
Revision:317053
gjb search for other commits by this committer
- Work around what I believe is a bug in how binary existence in the base
  system are tracked.  Without this "fix", /usr/bin/sftp is not recongnized
  to negate the build dependency of openssh-portable. [1]

- Bump PORTREVISION.

Discussed with:	bdrewery [1]
29 Apr 2013 15:13:52
Original commit files touched by this commit  4.8.20110526
Revision:316827
bdrewery search for other commits by this committer
- If sftp is not available, use security/openssh-portable.
  This is the case if running base with WITHOUT_OPENSSH

Approved by:	gjb (maintainer)
26 Feb 2013 02:56:58
Original commit files touched by this commit  4.8.20110526
Revision:312953
gjb search for other commits by this committer
Take maintainership
16 Dec 2012 18:25:16
Original commit files touched by this commit  4.8.20110526
Revision:309036
bapt search for other commits by this committer
Convert to new option framework
Bump port revision as the options name has change a lot
Add CHDIR and DOCS to options
06 Dec 2012 16:39:08
Original commit files touched by this commit  4.8.20110526
Revision:308390
zi search for other commits by this committer
- Reset MAINTAINER on ports with addresses that have unrecoverable bounces.

Reported by:	portscout
Feature safe:	yes
14 Jan 2012 08:57:23
Original commit files touched by this commit  4.8.20110526
dougb search for other commits by this committer
In the rc.d scripts, change assignments to rcvar to use the
literal name_enable wherever possible, and ${name}_enable
when it's not, to prepare for the demise of set_rcvar().

In cases where I had to hand-edit unusual instances also
modify formatting slightly to be more uniform (and in
some cases, correct). This includes adding some $FreeBSD$
tags, and most importantly moving rcvar= to right after
name= so it's clear that one is derived from the other.
25 Dec 2011 07:21:39
Original commit files touched by this commit  4.8.20110526
eadler search for other commits by this committer
- Update website link

PR:             ports/163597
Submitted by:   Rob Farmer <rfarmer@predatorlabs.net> (maintainer)
Feature Safe:   yes
18 Jun 2011 17:24:07
Original commit files touched by this commit  4.8.20110526
ohauer search for other commits by this committer
 -Add both versions of each configure flag (--enable-x/--disable-x) for safety
 -Update to May 26, 2011 snapshot:
    Add support for OpenSSH's sftp-server umask option.
    Remove inline references to satisify certain compilers
    Remove the now unnecessary sftp-logging compatibility mode.
    When getopt_long is not available, like on AIX, use bundled NetBSD
        getopt_long.
    Update the SECURITY document to include a reference to /etc/popt and \
        ~/.popt as they relate to rsync.
    Fix for rsync-3.0 which now uses a short -e option, with an optional
        argument as a server side option indicating protocol compatibility.
    Fix scponly crash on Solaris
    Fix detection and inclusion of getopt on certain platforms
    Document risks associated with popt reading /etc/popt and ~/.popt
    Document getopt requirement (when certain configure options are enabled)
 - cleanup redundant BUILD_DEPENDS+=  [1]

PR:             ports/157804
Submitted by:   Rob Farmer <rfarmer _at_ predatorlabs.net> (maintainer), ohauer 
[1]
Approved by:    maintainer
15 Dec 2010 07:12:02
Original commit files touched by this commit  4.8_3
wen search for other commits by this committer
-Patch SECURITY doc to include note about bypassing rsync argument checking with
popt (from upstream) and tell people to read it
-Drop long comment describing knobs - it just duplicates OPTIONS
-For SCPONLY_DEFAULT_CHDIR, print a note about setting it. I'm not sure if
post-patch is the best place for this, though?
-Drop dead site and just use Sourceforge
-Use the PORTDOCS variable
-Install some useful docs and drop useless one (TODO)
-Drop pre-everything message about defaults changing; that was 5 years ago
-LOCALBASE vs. PREFIX correction
-Add post-install messages to the plist so package users see them too

PR:             ports/153115
Submitted by:   Rob Farmer <rfarmer@predatorlabs.net> (maintainer)
07 Dec 2010 21:46:51
Original commit files touched by this commit  4.8_2
ohauer search for other commits by this committer
 - Fix support for rsync 3.0

 Rsync 3 needs the "-e" option, which is blocked without this patch by scponly

 Patch pulled from upstream CVS, which states a full release will come soon:
 http://lists.ccs.neu.edu/pipermail/scponly/2010-November/002170.html

 Reported by: Frank Bartels <knarf _at_ knarf.de>

PR:             152869
Submitted by:   Rob Farmer <rfarmer _at_ predatorlabs.net> (maintainer)
28 Jun 2010 13:47:20
Original commit files touched by this commit  4.8_1
stefan search for other commits by this committer
Make notes for setting up a chroot cage a bit more precise.

PR:             144059
Submitted by:   Michael Meelis <m.meelis@easybow.com>
Patch by:       Rob Farmer <rfarmer@predatorlabs.net> (maintainer)
Feature safe:   yes
27 Mar 2010 00:15:24
Original commit files touched by this commit  4.8_1
dougb search for other commits by this committer
Begin the process of deprecating sysutils/rc_subr by
s#. %%RC_SUBR%%#. /etc/rc.subr#
10 Feb 2010 03:01:41
Original commit files touched by this commit  4.8_1
pgollucci search for other commits by this committer
- Fix a typo in comments in rc.d script

PR:             ports/143555
Submitted by:   M@FreeBSD.org, van Zadelhoff <mike@ironmikie.nl>
Approved by:    rfarmer@predatorlabs.net (maintainer)
15 Jan 2010 02:44:01
Original commit files touched by this commit  4.8_1
pgollucci search for other commits by this committer
- Fix rc.d script for chroot functionality (thanks to Doug Barton for help with
this)
- Switch an empty #elif to #else to please GCC 4.4
- Submitter is now MAINTAINER

PR:             ports/142764
Submitted by:   Rob Farmer <rfarmer@predatorlabs.net>
21 Dec 2009 02:19:12
Original commit files touched by this commit  4.8
dougb search for other commits by this committer
For ports maintained by ports@FreeBSD.org, remove names and/or
e-mail addresses from the pkg-descr file that could reasonably
be mistaken for maintainer contact information in order to avoid
confusion on the part of users looking for support. As a pleasant
side effect this also avoids confusion and/or frustration for people
who are no longer maintaining those ports.
22 Aug 2009 00:35:32
Original commit files touched by this commit  4.8
  Sanity Test Failure
amdmi3 search for other commits by this committer
- Switch SourceForge ports to the new File Release System: categories starting
with P,R,S
08 Jan 2009 16:40:05
Original commit files touched by this commit  4.8
pav search for other commits by this committer
- Remove USE_RC_SUR (typo), USE_RC_SUBR is conditionally defined later
15 Aug 2008 06:41:19
Original commit files touched by this commit  4.8
linimon search for other commits by this committer
Reset rushani@FreeBSD.org due to maintainer-timeouts and no commits for
more than one year.

Hat:            portmgr
03 Apr 2008 14:14:28
Original commit files touched by this commit  4.8
pav search for other commits by this committer
- Update to 4.8

PR:             ports/121651
Submitted by:   Philip M. Gollucci <pgollucci@p6m7g8.com>
Approved by:    maintainer timeout (rushani; 3 weeks)
03 Oct 2007 13:07:55
Original commit files touched by this commit  4.6_3
edwin search for other commits by this committer
Bump portrevision after previous commit
03 Oct 2007 13:07:09
Original commit files touched by this commit  4.6_2
edwin search for other commits by this committer
scponlyc sftp support doesn't work without minimal devfs in chroot dir

        I'm finding that recently-created scponlyc chroots do not
        provide a sufficient environment for /usr/libexec/sftp-server
        to run. The sftp client symptom is just:

        $ sftp user@www
        Connecting to www...
        Password:
        Connection closed
        $

        The cause appears to be that recent versions of
        /usr/libexec/sftp-server will complain about of lack of
        access to /dev/null and exit, resulting in the closed
(Only the first 15 lines of the commit message are shown above View all of this commit message)
13 Aug 2007 10:34:18
Original commit files touched by this commit  4.6_2
mm search for other commits by this committer
- Add OPTIONS for included knobs

PR:             ports/110036
Approved by:    maintainer (timeout), garga (mentor, implicit)
06 Aug 2006 17:38:15
Original commit files touched by this commit  4.6_1
arved search for other commits by this committer
Unbreak rsync comatibility when long opts ("--server", "--sender"
and "--delete" in this case) specified.

PR:             96295
Suggested by:   ueda _at_ drweb dot jp
Obtained from: 
https://lists.ccs.neu.edu/pipermail/scponly/2006-March/001287.html
Approved by:    rushani (maintainer)
03 Jun 2006 02:59:04
Original commit files touched by this commit  4.6
mnag search for other commits by this committer
- Update to 4.6

PR:             98278
Submitted by:   maintainer
09 May 2006 20:54:19
Original commit files touched by this commit  4.4
edwin search for other commits by this committer
shells/scponly cannot work with rsync

        From: Hideyuki KURASHINA <rushani@FreeBSD.org>

        I've confirmed the rsync compatibility in scponly 4.4 is broken.
        Unfortunately, at this moment I don't have enough time to
        test the patch you showed us...

PR:             ports/96295
Submitted by:   UEDA Hiroyuki <ueda@drweb.jp>
31 Jan 2006 14:05:46
Original commit files touched by this commit  4.4
barner search for other commits by this committer
- Update to 4.4
  o fixes that hopefully improve the optarg compilation situation
  o UNISON $HOME environment fix
  o fixes to setup_chroot.sh.in

PR:             ports/92587
Submitted by:   rushani (maintainer)
29 Dec 2005 05:17:54
Original commit files touched by this commit  4.3
edwin search for other commits by this committer
[Maintainer update] shells/scponly: Update to 4.3.

        Update to 4.3.  Highlights in this release,
        - Compatibility of WinSCP in SCP mode improved.
        - The scponlyc (chroot'ed version of scponly) works again.

PR:             ports/91039
Submitted by:   Hideyuki KURASHINA <rushani@FreeBSD.org>
27 Dec 2005 21:25:56
Original commit files touched by this commit  4.2_1
edwin search for other commits by this committer
[Maintainer update] shells/scponly: Fix WinSCP compativility and etc

        1. Fix WinSCP compativility in SCP mode.  PORTREVISION bumped.
        2. Add sourceforge mirrors to ${MASTER_SITES}.
        3. From scponly 4.2, scp & WinSCP compatibilities are not enabled
           by default.  Notice this at pre-everything target as well as
           UPDATING.

PR:             ports/90983
Submitted by:   Hideyuki KURASHINA <rushani@FreeBSD.org>
22 Dec 2005 16:24:30
Original commit files touched by this commit  4.2
garga search for other commits by this committer
o Update to 4.2.
  - Security fixes (local privilege escalation exploits).  See
    https://lists.ccs.neu.edu/pipermail/scponly/2005-December/001027.html
    for details.
  - The scp and WinSCP compatibilities are turned off by default
    to improve scp argument processing.
  - The sftp-logging supported.
  - Etc.
o Add SHA256 hash.

PR:             ports/90813
Submitted by:   maintainer
Security:      
https://lists.ccs.neu.edu/pipermail/scponly/2005-December/001027.html
20 Jun 2005 14:51:14
Original commit files touched by this commit  4.1_2
 This port version is marked as vulnerable.
nork search for other commits by this committer
Fix svn issue with scponly via ssh+svn://.

Submitted by:   Matthias Fechner <idefix@fechner.net>
Reviewed by:    rushani (maintainer)
19 Jun 2005 04:20:40
Original commit files touched by this commit  4.1_1
 This port version is marked as vulnerable.
nork search for other commits by this committer
Bump PORTREVISION by previous commit.

Approved by:    rushani (maintainer)
18 Jun 2005 18:50:26
Original commit files touched by this commit  4.1
 This port version is marked as vulnerable.
nork search for other commits by this committer
Add support ssh+svn://.

PR:             ports/81889
Submitted by:   Matthias Fechner <idefix@fechner.net>
Approved by:    rushani (maintainer)
14 Apr 2005 03:56:00
Original commit files touched by this commit  4.1
 This port version is marked as vulnerable.
leeym search for other commits by this committer
- Update to 4.1

PR:             79859
Submitted by:   rushani
15 Dec 2004 10:47:52
Original commit files touched by this commit  4.0_1
 This port version is marked as vulnerable.
vs search for other commits by this committer
Scponly validates dangerous arguments since version 4.0.  However,
there is a regression compared with version 3.11.  That is scponly
can not be built only with sftp support.

Reference: https://lists.ccs.neu.edu/pipermail/scponly/2004-December/000655.html

PR:             ports/75092
Submitteed by:  maintainer
04 Dec 2004 23:56:24
Original commit files touched by this commit  4.0
 This port version is marked as vulnerable.
pav search for other commits by this committer
- Update to 4.0

PR:             ports/74633
Submitted by:   rushani (maintainer)
17 Jul 2004 13:02:01
Original commit files touched by this commit  3.11
 This port version is marked as vulnerable.
krion search for other commits by this committer
Update to 3.11

PR:             ports/69179
Submitted by:   maintainer
20 Mar 2004 11:53:48
Original commit files touched by this commit  3.9
 This port version is marked as vulnerable.
nork search for other commits by this committer
Remove old version's SIZE.

Submitted by:   rushani (maintainer)
Committed at:   CBUG Curry Camp in Yatsugatake, Yamanashi-ken, Japan.
20 Mar 2004 09:54:30
Original commit files touched by this commit  3.9
 This port version is marked as vulnerable.
nork search for other commits by this committer
Update to 3.9(support for WinSCP3).

PR:             ports/64076
Submitted by:   Jim Shewmaker <jims@bluenotch.com>
Reviewed by:    rushani (maintainer)
Committed at:   CBUG Curry Camp in Yatsugatake, Yamanashi-ken, Japan.
18 Mar 2004 09:04:45
Original commit files touched by this commit  3.8_1
 This port version is marked as vulnerable.
krion search for other commits by this committer
- SIZE'ify

PR:             ports/64396
Submitted by:   rushani
21 Nov 2003 00:59:01
Original commit files touched by this commit  3.8_1
 This port version is marked as vulnerable.
jeh search for other commits by this committer
scponly dist includes a script which setup chroot cage, which
depends a location of run-time link-editor.  Since FreeBSD has
dynamic root capability from __FreeBSD_version == 501105, we
should add new location to unbreak the script.

PR:             59511
Submintted by:  MAINTAINER
02 Sep 2003 08:47:16
Original commit files touched by this commit  3.8_1
 This port version is marked as vulnerable.
nork search for other commits by this committer
o Respect scponly default configuration.
o Introduce WITH_SCPONLY_CHROOT knob.
o Use ${DOCSDIR} in Makefile.

PR:             ports/56300
Submitted by:   rushani (maintainer)
25 Jul 2003 23:15:46
Original commit files touched by this commit  3.8
 This port version is marked as vulnerable.
maho search for other commits by this committer
Fix compatibility with rsync (depend explicitly on rsync).

PR:             54844
Submitted by:   rushani (maintainer)
25 Jul 2003 23:12:03
Original commit files touched by this commit  3.8
 This port version is marked as vulnerable.
maho search for other commits by this committer
fix configure arguments for gftp stuff.

PR:             54843
Submitted by:   rushani (maintainer)
10 May 2003 21:54:40
Original commit files touched by this commit  3.8
 This port version is marked as vulnerable.
nork search for other commits by this committer
Change maintainership to submitter.

Submitted by:   Hideyuki KURASHINA <rushani@FreeBSD.org>
Approved by:    Ken McGlothlen <mcglk@artlogix.com> (maintainer)
03 May 2003 15:53:06
Original commit files touched by this commit  3.8
 This port version is marked as vulnerable.
nork search for other commits by this committer
Update to 3.8.

PR:             ports/51633
Submitted by:   rushani
Approved by:    maintainer implicitly
17 Apr 2003 18:40:51
Original commit files touched by this commit  3.7
 This port version is marked as vulnerable.
nork search for other commits by this committer
o Update to 3.7.
o Take up more safety default setting.

PR:             ports/48480, ports/48492, ports/50899
Submitted by:   Sergey A. Osokin <osa@FreeBSD.org.ru>
                Adam Jette <jettea@fuzzynerd.com>
                Miguel Mendez <flynn@energyhq.homeip.net>
Reviewed by:    Sergey A. Osokin <osa@FreeBSD.org.ru>
                Miguel Mendez <flynn@energyhq.homeip.net>
                Ken McGlothlen <mcglk@artlogix.com> (maintainer)
Approved by:    Ken McGlothlen <mcglk@artlogix.com> (maintainer)
21 Feb 2003 13:26:58
Original commit files touched by this commit  3.4
 This port version is marked as vulnerable.
knu search for other commits by this committer
De-pkg-comment.
05 Jan 2003 18:30:28
Original commit files touched by this commit  3.4
 This port version is marked as vulnerable.
ijliao search for other commits by this committer
fix plist

PR:             46781
Submitted by:   Philip Paeps <philip@vitaya.be>
03 Jan 2003 18:15:43
Original commit files touched by this commit  3.4
 This port version is marked as vulnerable.
ijliao search for other commits by this committer
upgrade to 3.4

PR:             46243
Submitted by:   maintainer
10 Sep 2002 22:18:47
Original commit files touched by this commit  2.4
 This port version is marked as vulnerable.
obraun search for other commits by this committer
Add scponly 2.4, a tiny shell which only permits scp and sftp.

PR:             ports/40935
Submitted by:   Ken McGlothlen <mcglk@artlogix.com>

Number of commits found: 56

Login
User Login
Create account

Servers and bandwidth provided by
New York Internet, SuperNews, and RootBSD

This site
What is FreshPorts?
About the authors
FAQ
How big is it?
The latest upgrade!
Privacy
Forums
Blog
Contact

Search
Enter Keywords:
 
more...

Latest Vulnerabilities
asterisk11Sep 18
squidSep 18
squid33Sep 18
dbusSep 17
nginxSep 16
nginx-develSep 16
phpmyadminSep 13
ossec-hids-clientSep 11
ossec-hids-localSep 11
ossec-hids-serverSep 11
chromiumSep 09
trafficserverSep 05
apache22*Sep 03
apache22-event-mpm*Sep 03
apache22-itk-mpm*Sep 03

8 vulnerabilities affecting 19 ports have been reported in the past 14 days

* - modified, not new

All vulnerabilities


Ports
Home
Categories
Deleted ports
Sanity Test Failures
Newsfeeds


Statistics
Graphs
NEW Graphs (Javascript)
Traffic

Calculated hourly:
Port count 24133
Broken 116
Deprecated 46
Ignore 370
Forbidden 3
Restricted 205
No CDROM 94
Vulnerable 20
Expired 1
Set to expire 41
Interactive 0
new 24 hours 2
new 48 hours74
new 7 days92
new fortnight138
new month287

Servers and bandwidth provided by
New York Internet, SuperNews, and RootBSD
Valid HTML, CSS, and RSS.
Copyright © 2000-2014 Dan Langille. All rights reserved.