LinuxQuestions.org
Old 09-12-2003, 11:21 AM   #1
niall0s
LQ Newbie
 
Registered: Sep 2003
Posts: 7

Rep: Reputation: 0
chroot Problem with transferring files + groups/id error


I had to install groups and id to get rid of nag errors in WinSCP, but now whenever I connect to the Linux box using WinSCP I get the following error:

Command "groups"
failed with return code 1 and error message
id: cannot find name for group ID 501.

If I click cancel it logs on OK and connects to the chrooted dir no problem, but I cannot upload any files; if I try, it just hangs and I have to abort.

If I try to ssh to the box, it closes the shell after I enter a username and password for a user who is chrooted; other users can ssh to it no probs.

I've done a bit more research and it's definitely the unknown user error 501 from scp that is causing the problem, so can anyone help with this?

< WinSCP: this is begin-of-file
! unknown user 501
< inSCP: this is end-of-file:255

501 is the uid of the user that is chrooted.

Setup of chrooted dir trans is as follows:

[root@application trans]# ls -la
total 20
drwxr-xr-x 5 root root 4096 Sep 12 16:49 .
drwxr-xr-x 21 root root 4096 Sep 12 14:32 ..
drwx--x--- 2 root trans 4096 Sep 12 16:49 bin
drwxr-x--- 4 root trans 4096 Sep 12 15:28 home
drwx--x--- 3 root trans 4096 Sep 12 13:55 lib
[root@application trans]# cd /trans/bin
[root@application bin]# ls -la
total 1408
drwx--x--- 2 root trans 4096 Sep 12 16:49 .
drwxr-xr-x 5 root root 4096 Sep 12 16:49 ..
-rwxr-xr-x 1 root root 626028 Sep 11 23:14 bash
-rwxr-xr-x 1 root root 47732 Sep 12 01:50 cp
-rwxr-xr-x 1 root root 1675 Sep 12 16:09 groups
-rwxr-xr-x 1 root root 14236 Sep 12 16:49 id
-rwxr-xr-x 1 root root 67668 Sep 12 01:36 ls
-rwxr-xr-x 1 root root 28504 Sep 12 13:51 scp
-rwxr-xr-x 1 root root 626028 Sep 12 01:17 sh
[root@application bin]# cd /trans/lib
[root@application lib]# ls -la
total 1884
drwx--x--- 3 root trans 4096 Sep 12 13:55 .
drwxr-xr-x 5 root root 4096 Sep 12 16:49 ..
-rwxr-xr-x 1 root root 104560 Sep 12 13:42 ld-linux.so.2
-rwxr-xr-x 1 root root 5572 Sep 12 13:54 libcom_err.so.3
-rwxr-xr-x 1 root root 969116 Sep 12 13:53 libcrypto.so.4
-rwxr-xr-x 1 root root 15900 Sep 12 13:41 libdl.so.2
-rwxr-xr-x 1 root root 73724 Sep 12 13:55 libgssapi_krb5.so.2
-rwxr-xr-x 1 root root 63880 Sep 12 13:54 libk5crypto.so.3
-rwxr-xr-x 1 root root 385220 Sep 12 13:53 libkrb5.so.3
-rwxr-xr-x 1 root root 91624 Sep 12 13:53 libnsl.so.1
-rwxr-xr-x 1 root root 76572 Sep 12 13:52 libresolv.so.2
-rwxr-xr-x 1 root root 11784 Sep 12 13:41 libtermcap.so.2
-rwxr-xr-x 1 root root 12716 Sep 12 13:52 libutil.so.1
-rwxr-xr-x 1 root root 52616 Sep 12 13:53 libz.so.1
drwxr-xr-x 2 root root 4096 Sep 12 13:41 tls

Last edited by niall0s; 09-12-2003 at 11:34 AM.
 
Old 09-12-2003, 08:41 PM   #2
/bin/bash
Senior Member
 
Registered: Jul 2003
Location: Indiana
Distribution: Mandrake Slackware-current QNX4.25
Posts: 1,802

Rep: Reputation: 47
Do you have an entry in /etc/group for 501?

<user>:x:501

<user> should be the chroot user.
 
Old 09-13-2003, 12:40 PM   #3
niall0s
LQ Newbie
 
Registered: Sep 2003
Posts: 7

Original Poster
Rep: Reputation: 0
[root@application bin]# cd /trans/etc
[root@application etc]# ls -la
total 20
drwx------ 2 root root 4096 Sep 12 17:50 .
drwxr-xr-x 6 root root 4096 Sep 12 17:51 ..
-rw-r--r-- 1 root root 617 Sep 12 15:50 group
-rw-r--r-- 1 root root 1568 Sep 12 16:34 passwd
-r-------- 1 root root 1088 Sep 12 16:34 shadow

Still getting the same error with these files in the chroot, doesn't seem to make any difference if they are there or not??????
 
Old 09-24-2003, 12:30 PM   #4
DaveBinard
LQ Newbie
 
Registered: Sep 2003
Posts: 2

Rep: Reputation: 0
I had the exact same problem. After googling a bit for a solution (and finding your post), it began to look like setting up both the server (OpenSSH) and the client (WinSCP) to use sftp rather than scp would be easier to set up, and that proved to be true.
That also allows you to get rid of the bin and etc directories in the chroot jail (you still need lib, but not termcap).
Your chrooted user shell just needs to be sftp-server.
Note that here I also set up the chroot jail so that the .ssh directory is not visible after the user logs on.

root@cloweb:/home/sshguest> grep sshguest /etc/passwd
sshguest:x:22:222:Guest ssh user:/home/sshguest:/usr/local/bin/chroot_bash

root@cloweb:/home/sshguest> cat /usr/local/bin/chroot_bash
#!/bin/bash
/usr/sbin/chroot /home/sshguest/chroot_jail /usr/libexec/openssh/sftp-server

root@cloweb:/home/sshguest> find . -type f -exec ls -l {} \;
-rwxr-x--- 1 root sshguest 925227 Aug 1 2002 ./chroot_jail/lib/libcrypto.so.0.9.6b
-rwxr-x--- 1 root sshguest 12102 Oct 10 2002 ./chroot_jail/lib/libdl-2.2.5.so
-rwxr-x--- 1 root sshguest 89424 Sep 19 14:08 ./chroot_jail/lib/libnsl.so.1
-rwxr-x--- 1 root sshguest 59778 Feb 18 2002 ./chroot_jail/lib/libz.so.1.1.3
-rwxr-x--- 1 root sshguest 89547 Oct 10 2002 ./chroot_jail/lib/ld-2.2.5.so
-rwxr-x--- 1 root sshguest 11174 Oct 10 2002 ./chroot_jail/lib/libutil-2.2.5.so
-rwxr-x--- 1 root sshguest 1260480 Oct 10 2002 ./chroot_jail/lib/libc-2.2.5.so
-rwxr-x--- 1 root sshguest 23464 Sep 16 06:22 ./chroot_jail/usr/libexec/openssh/sftp-server
-rw-r----- 1 root sshguest 589 Sep 19 12:35 ./.ssh/authorized_keys2
 
Old 09-24-2003, 02:23 PM   #5
DaveBinard
LQ Newbie
 
Registered: Sep 2003
Posts: 2

Rep: Reputation: 0
I forgot to mention: you need to make the sftp-server binary in your chroot jail setuid/setgrpid of your restricted user (sshguest in my case), or else your remote users will be running as root (albeit in the chroot jail). Permission should look like this:

-r-sr-s--- 1 sshguest sshguest 23464 Sep 24 10:42 sftp-server

And of course the chroot binary has to be setuid root for this to work:

-rwsr-xr-x 1 root root 10184 Apr 8 2002 /usr/sbin/chroot
 
Old 09-24-2003, 06:32 PM   #6
niall0s
LQ Newbie
 
Registered: Sep 2003
Posts: 7

Original Poster
Rep: Reputation: 0
Hey, thanks for the input, I'll give it a try and let you know how I get on.
 
Old 10-29-2003, 03:33 AM   #7
Alvaro martinez
LQ Newbie
 
Registered: Oct 2003
Posts: 1

Rep: Reputation: 0
Hi,

I had a similar problem on HP-UX with a chrooted user and the OpenSSH scp command. I solved this problem by running truss on HP-UX; on Linux, use strace.
The most common error when you configure a chroot is that the system can't find libs in the chroot lib directory.

Steps:

Run strace as some user, for example root, while this user runs the id or uid command, and check whether the libs are the same as the ones you have in the chroot lib directory. In my case it worked and I could find the lib.

Put the lib into the chroot lib directory and test the scp command.

I hope this explanation helps you.

Last edited by Alvaro martinez; 10-29-2003 at 03:35 AM.
 
Old 08-11-2004, 12:21 AM   #8
dorat
LQ Newbie
 
Registered: Aug 2004
Posts: 1

Rep: Reputation: 0
My case in Solaris

In my case, exactly the same problem occurred on an Intel Solaris 8.0 system.
SCP caused errors because of the unknown user, and the groups command also reported the same error. So I ran the following command in the console, "truss -fd -p (pid of inetd)", and then connected from the client with WinSCP on WinXP. On my machine, OpenSSH-Chroot was called from inetd with tcp-wrappers.
Then in the console I found some errors. Mainly they were reports of missing files such as "/etc/nsswitch.conf", "/usr/lib/nss_files.so.1", and "/usr/lib/nss_nis.so.1". (I only checked for ERR strings in the console.)
On a Linux system, as mentioned earlier, please check for missing-file errors using "strace -f -e -p (pid)".
After adding the missing files, the SCP, groups, and id commands ran successfully via WinSCP.
Best Regards.
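
Added example (not posted by anyone in this thread): a shell audit of a jail for what posts #2, #3 and #8 point at. id, groups and scp can only turn uid/gid 501 into a name if the chrooted user can reach /etc/passwd, /etc/group, /etc/nsswitch.conf and the NSS module from inside the jail, and the etc directory listed in post #3 is drwx------ root root. Assumptions: GNU stat; libnss_files.so.* taken as the glibc counterpart of the Solaris nss_files.so.1 named in post #8; the function names and the sample jail are constructed for illustration.

```shell
# Added example: audit a chroot jail for what libc needs to name a uid/gid.

# may_access PATH UID GID BIT: does that uid/gid get BIT (4=read, 1=search)?
# Checks owner, primary group and "other" only; GNU stat is assumed.
may_access() (
    set -- "$@" $(stat -c '%u %g %a' "$1")   # $5=owner $6=group $7=octal mode
    mode=$((0$7))
    if   [ "$2" = "$5" ]; then bits=$(( (mode >> 6) & 7 ))
    elif [ "$3" = "$6" ]; then bits=$(( (mode >> 3) & 7 ))
    else                       bits=$(( mode & 7 )); fi
    [ $(( bits & $4 )) -ne 0 ]
)

# has_id FILE ID: is there a passwd/group line whose third field is ID?
has_id() { awk -F: -v id="$2" '$3 == id { ok = 1 } END { exit !ok }' "$1"; }

# audit_jail JAIL UID GID: print one finding per line; no output means clean.
audit_jail() (
    jail=$1 uid=$2 gid=$3
    if [ -d "$jail/etc" ] && ! may_access "$jail/etc" "$uid" "$gid" 1; then
        echo "uid $uid cannot search /etc (check directory mode and owner)"
    fi
    for f in passwd group nsswitch.conf; do
        if [ ! -f "$jail/etc/$f" ]; then echo "missing: /etc/$f"
        elif ! may_access "$jail/etc/$f" "$uid" "$gid" 4; then
            echo "uid $uid cannot read /etc/$f"
        fi
    done
    [ -f "$jail/etc/passwd" ] && ! has_id "$jail/etc/passwd" "$uid" &&
        echo "no passwd entry for uid $uid"
    [ -f "$jail/etc/group" ] && ! has_id "$jail/etc/group" "$gid" &&
        echo "no group entry for gid $gid"
    nss=
    for m in "$jail"/lib*/libnss_files.so* "$jail"/usr/lib*/libnss_files.so*; do
        [ -e "$m" ] && nss=$m
    done
    [ -n "$nss" ] || echo "missing: libnss_files.so.* (assumed glibc module name)"
)

# make_sample_jail DIR: constructed sample shaped like the /trans jail in post #3.
make_sample_jail() {
    mkdir -p "$1/etc" "$1/lib"
    echo 'root:x:0:0:root:/root:/bin/bash' > "$1/etc/passwd"
    echo 'root:x:0:' > "$1/etc/group"
    chmod 644 "$1/etc/passwd" "$1/etc/group"
    chmod 700 "$1/etc"          # same mode as the drwx------ etc in the thread
}

demo=$(mktemp -d) && make_sample_jail "$demo" && audit_jail "$demo" 501 501; rm -rf "$demo"
```

Run audit_jail as root against the real jail path with the chrooted account's uid and gid; supplementary groups and ACLs are not evaluated.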
 
  

