From owner-freebsd-questions Fri Aug 30 8:30:22 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 08FA937B400 for ; Fri, 30 Aug 2002 08:30:20 -0700 (PDT) Received: from relay01.cablecom.net (relay01.cablecom.net [62.2.33.101]) by mx1.FreeBSD.org (Postfix) with ESMTP id 51EC243E6E for ; Fri, 30 Aug 2002 08:30:18 -0700 (PDT) (envelope-from mlist@stable.ch) Received: from smtp.swissonline.ch (mail-4.swissonline.ch [62.2.32.85]) by relay01.cablecom.net (8.12.5/8.12.5/SOL/AWF/MXRELAY/20020820) with ESMTP id g7UFUG20001785; Fri, 30 Aug 2002 17:30:16 +0200 (CEST) (envelope-from mlist@stable.ch) Received: from rock.stable.ch (dclient217-162-34-199.hispeed.ch [217.162.34.199]) by smtp.swissonline.ch (8.11.6/8.11.6/SMTPSOL/AWF/2002040101) with ESMTP id g7UFUFH24115; Fri, 30 Aug 2002 17:30:15 +0200 (MEST) Received: from mlist by rock.stable.ch with local (Exim 3.33 #1) id 17kniw-000DAd-00; Fri, 30 Aug 2002 17:30:14 +0200 Date: Fri, 30 Aug 2002 17:30:14 +0200 From: Thomas Spreng To: Oscar Ricardo Silva Cc: freebsd-questions@freebsd.org Subject: Re: secure transfer without shell? Message-ID: <20020830173014.A50458@rock.stable.ch> References: <5.1.0.14.2.20020830100300.026c4610@mail.utexas.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <5.1.0.14.2.20020830100300.026c4610@mail.utexas.edu>; from oscars@mail.utexas.edu on Fri, Aug 30, 2002 at 10:04:45AM -0500 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > Is there a way to allow people to use scp or sftp to copy files to a > machine but not giving them a shell? > > Any information would be appreciated. > > > > Thanks, > > Oscar Hello Oscar, this is one thing i wanted to do as well and i just have figured a way to do so. It seems that the shell opened on a sftp or scp connect doesn't read the user's startup script for login shells (.profile for Bourne shells like bash). So if you put an exit into that script, login shells will be immediatly closed while other shells like the one from the scp or sftp session remain. Of course you have to chown/chmod that login script so that it cant be modified by the user. I'm not sure how safe this is but it could be an easy way to solve that problem. Bye, Thomas To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message