Date:      Sat, 9 Dec 2000 23:06:44 +0100
From:      "Nicolas" <list@rachinsky.de>
To:        "Nicolai L. Brown" <nbrown@iowaone.net>, "Bill Paul" <wpaul@FreeBSD.ORG>
Cc:        <freebsd-questions@freebsd.org>
Subject:   Re: scp only
Message-ID:  <005201c0622c$93aff800$0364000a@rachinsky.de>
References:  <20001208202307.0CE0E37B401@hub.freebsd.org>

I'm sorry but none of your solutions works.
/bin/false as the shell denies any access via ssh (including scp).
~/.login containing logout could be circumvented by starting another command (e.g. /bin/sh) via ssh.
Nicolas
----- Original Message -----
From: "Bill Paul" <wpaul@FreeBSD.ORG>
To: "Nicolai L. Brown" <nbrown@iowaone.net>
Cc: <freebsd-questions@freebsd.org>
Sent: Friday, December 08, 2000 9:23 PM
Subject: Re: scp only


> >
> > On Fri, 8 Dec 2000, Nicolas wrote:
> >
> > > Hello,
> > >
> > > I want to let a user upload files via scp to one of my machines, but I
> > > don't want to give him the possibility to log in or start any programs
> > > except scp. Is there any easy way to achieve this? I can't find such
> > > an option in the ssh docs.  Thanks in advance..
> >
> > You might try giving them a csh shell, and a ~/.login file containing the
> > word "logout", and owned root:wheel.  Also, chown their .cshrc and .tcshrc
> > files to root:wheel, so they cannot overwrite those with their own via
> > scp.
> >
> > Don't know if this is the best solution, but it will work.
>
> No it won't, monkeyboy. Even though the user doesn't have write access
> to the files, he still owns the directory in which they reside. All
> he has to do is FTP in and delete or rename them. Chown'ing the user's
> home directory would prevent this, but it might screw up other things.
>
> I would set the user's shell to /bin/false instead. I'm not sure
> how sshd will react to this though.
>=20
> -Bill
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
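
The two failures reported above share one cause: sshd hands every request to the account's login shell as `<shell> -c '<command>'`, so `/bin/false` refuses scp too, and a command request never reaches `~/.login`. The following is an added example, not code from the thread: a hypothetical login shell that accepts only the legacy scp upload request (`scp -t <path>`); the function names and the `/usr/bin/scp` path are assumptions.

```shell
#!/bin/sh
# Added example: hypothetical scp-only login shell (not from the thread).
# sshd runs the account's shell as:  <shell> -c '<command from client>'
LC_ALL=C; export LC_ALL   # keep the A-Z / a-z ranges below ASCII-only

# Succeeds only for an upload request: scp [-r|-p|-d|-v]... -t <path>
scp_upload_allowed() {
    set -f          # no globbing while the request is split into words
    set -- $1       # whitespace split only; nothing here is evaluated
    set +f
    for word in "$@"; do
        # Quotes, ';', '$', backticks etc. are refused, not interpreted.
        case $word in *[!A-Za-z0-9._/-]*) return 1 ;; esac
    done
    [ "${1:-}" = scp ] || return 1
    shift
    sink=0
    while [ $# -gt 1 ]; do
        case $1 in
            -t) sink=1 ;;          # "to": remote end receives files
            -r|-p|-d|-v) ;;        # modifiers the scp client may send
            *) return 1 ;;         # -f (download) and anything else
        esac
        shift
    done
    # One operand must remain: the target path, and it may not be an option.
    [ $# -eq 1 ] && [ "$sink" -eq 1 ] || return 1
    case $1 in -*) return 1 ;; esac
    return 0
}

main() {
    if scp_upload_allowed "$1"; then
        set -f; set -- $1; set +f
        shift
        exec /usr/bin/scp "$@"     # assumed path; no shell re-parses the line
    fi
    echo "This account accepts scp uploads only." >&2
    exit 1
}

# An interactive login arrives without -c: nothing runs and the session ends.
if [ "${1:-}" = "-c" ]; then main "${2:-}"; fi
```

The wrapper limits what runs, not where files land: the account can still write anywhere its file permissions allow, including its own dotfiles, which is the concern raised in the quoted replies.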
