Date:      Sun, 10 Dec 2000 00:50:26 -0600 (CST)
From:      "Nicolai L. Brown" <nbrown@iowaone.net>
To:        Nicolas <list@rachinsky.de>
Cc:        <freebsd-questions@freebsd.org>
Subject:   Re: scp only
Message-ID:  <Pine.BSF.4.30.0012100044030.1230-100000@everest.iowaone.net>
In-Reply-To: <005201c0622c$93aff800$0364000a@rachinsky.de>


On Sat, 9 Dec 2000, Nicolas wrote:

> I'm sorry but none of your solutions works. /bin/false as shell
> denies any access via ssh (including scp). ~/.login containing logout
> could be circumvented by starting another command (e.g. /bin/sh) via
> ssh. Nicolas

How?  If their ~/.login contains 'logout', and they don't have access to
overwrite it, they can't execute anything else.  Maybe I'm missing
something, show me how you are doing this.

Nicolai


> ----- Original Message -----
> From: "Bill Paul" <wpaul@FreeBSD.ORG>
> To: "Nicolai L. Brown" <nbrown@iowaone.net>
> Cc: <freebsd-questions@freebsd.org>
> Sent: Friday, December 08, 2000 9:23 PM
> Subject: Re: scp only
>
>
> > >
> > > On Fri, 8 Dec 2000, Nicolas wrote:
> > >
> > > > Hello,
> > > >
> > > > I want to let a user upload files via scp to one of my machines, but I
> > > > don't want to give him the possibility to log in or start any programs
> > > > except scp. Is there any easy way to achieve this? I can't find such
> > > > an option in the ssh docs.  Thanks in advance..
> > >
> > > You might try giving them a csh shell, and a ~/.login file containing the
> > > word "logout", and owned root:wheel.  Also, chown their .cshrc and .tcshrc
> > > files to root:wheel, so they cannot overwrite those with their own via
> > > scp.
> > >
> > > Don't know if this is the best solution, but it will work.
> >
> > No it won't, monkeyboy. Even though the user doesn't have write access
> > to the files, he still owns the directory in which they reside. All
> > he has to do is FTP in and delete or rename them. Chown'ing the user's
> > home directory would prevent this, but it might screw up other things.
> >
> > I would set the user's shell to /bin/false instead. I'm not sure
> > how sshd will react to this though.
> >
> > -Bill
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-questions" in the body of the message
>
>
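
The directory-ownership point raised in the thread, as an added example that is not part of any message here: an audit check that reports which of the startup files named above the account can still delete or rename. The function names are hypothetical, and the check assumes plain Unix mode bits (ACLs and file flags are ignored).

```python
import os
import stat
import tempfile

# Startup files the thread proposes handing to root:wheel.
STARTUP_FILES = (".login", ".cshrc", ".tcshrc")


def can_replace(dir_st, file_st, uid, gids=()):
    """True if `uid` can delete or rename an entry of the directory described
    by dir_st, whatever the owner and mode of the entry itself."""
    if uid == 0 or dir_st.st_uid == uid:
        # The directory's owner can always chmod write access back on.
        return True
    mode = dir_st.st_mode
    if dir_st.st_gid in gids:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    if mode & need != need:
        return False
    # Sticky directory: only the entry's owner may remove or rename it.
    if mode & stat.S_ISVTX and file_st.st_uid != uid:
        return False
    return True


def audit_home(home, uid, gids=(), names=STARTUP_FILES):
    """Return (name, owner_uid) for each startup file `uid` can swap out."""
    dir_st = os.stat(home)
    findings = []
    for name in names:
        try:
            file_st = os.lstat(os.path.join(home, name))
        except FileNotFoundError:
            continue
        if can_replace(dir_st, file_st, uid, gids):
            findings.append((name, file_st.st_uid))
    return findings


if __name__ == "__main__":
    # Constructed demo: a throwaway "home" owned by whoever runs the script.
    with tempfile.TemporaryDirectory() as home:
        path = os.path.join(home, ".login")
        with open(path, "w") as fh:
            fh.write("logout\n")
        os.chmod(path, 0o444)
        print(audit_home(home, os.getuid()))
```

An empty result for the account's uid means the directory itself, not just the files in it, is out of that account's control.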


