From owner-freebsd-questions Fri Dec 8 12:23: 8 2000
From owner-freebsd-questions@FreeBSD.ORG Fri Dec 8 12:23:07 2000
Return-Path:
Delivered-To: freebsd-questions@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 618) id 0CE0E37B401; Fri, 8 Dec 2000 12:23:07 -0800 (PST)
Subject: Re: scp only
In-Reply-To: from "Nicolai L. Brown" at "Dec 8, 2000 01:28:07 pm"
To: nbrown@iowaone.net (Nicolai L. Brown)
Date: Fri, 8 Dec 2000 12:23:06 -0800 (PST)
Cc: freebsd-questions@freebsd.org
X-Mailer: ELM [version 2.4ME+ PL54 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Message-Id: <20001208202307.0CE0E37B401@hub.freebsd.org>
From: wpaul@FreeBSD.ORG (Bill Paul)
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

>
> On Fri, 8 Dec 2000, Nicolas wrote:
>
> > Hallo,
> >
> > I want to let a user upload files via scp to one of my machines, but I
> > don't want to give him the possibility to log in or start any programs
> > except scp. Is there any easy way to achieve this? I can't find such
> > an option in the ssh docs. Thanks in advance..
>
> You might try giving them a csh shell, and a ~/.login file containing the
> word "logout", and owned root:wheel. Also, chown their .cshrc and .tcshrc
> files to root:wheel, so they cannot overwrite those with their own via
> scp.
>
> Don't know if this is the best solution, but it will work.

No it won't, monkeyboy. Even though the user doesn't have write access
to the files, he still owns the directory in which they reside. All he
has to do is FTP in and delete or rename them. Chown'ing the user's home
directory would prevent this, but it might screw up other things.

I would set the user's shell to /bin/false instead. I'm not sure how
sshd will react to this though.

-Bill
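
The reply's point, that deleting or renaming a file is governed by the permissions of the directory holding it and not by the file's own owner or mode, written as an audit check. This is an added example, not part of the original message; the function names `can_replace` and `audit_home` are hypothetical, and the check models unprivileged accounts only (the superuser is out of scope).

```python
import os
import stat

def can_replace(dir_uid, dir_gid, dir_mode, file_uid, uid, gids=()):
    """True if unprivileged `uid` may unlink or rename an entry in the directory.

    The file's own owner and mode are irrelevant, except under the sticky bit.
    """
    if uid == dir_uid:
        bits = (dir_mode >> 6) & 7      # owner permission bits of the directory
    elif dir_gid in gids:
        bits = (dir_mode >> 3) & 7      # group permission bits
    else:
        bits = dir_mode & 7             # "other" permission bits
    if bits & 3 != 3:                   # needs write (2) and search (1) on the dir
        return False
    if dir_mode & stat.S_ISVTX and uid not in (dir_uid, file_uid):
        return False                    # sticky: only file or directory owner
    return True

def audit_home(home, uid, gids=(), names=(".login", ".cshrc", ".tcshrc")):
    """List startup files in `home` that `uid` does not own but can still replace."""
    d = os.stat(home)
    findings = []
    for name in names:
        path = os.path.join(home, name)
        try:
            f = os.lstat(path)
        except FileNotFoundError:
            continue
        if f.st_uid != uid and can_replace(d.st_uid, d.st_gid, d.st_mode,
                                           f.st_uid, uid, gids):
            findings.append(path)
    return findings

if __name__ == "__main__":
    import pwd
    import sys
    user = pwd.getpwnam(sys.argv[1])    # account name given on the command line
    for p in audit_home(user.pw_dir, user.pw_uid, (user.pw_gid,)):
        print("replaceable despite ownership:", p)
```

Run against an account whose dotfiles were chowned to root:wheel, it lists every one of them for as long as the home directory itself still belongs to the user.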