rsync without a shell

Federico Voges fvoges
Mon May 17 11:43:06 PDT 2004 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sun, 12 Jan 2003 17:59:46 -0500 (EST), Net Llama! wrote:

>On Fri, 10 Jan 2003, Federico Voges wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> On Fri, 10 Jan 2003 17:20:12 -0500 (EST), Net Llama! wrote:
>>
>> >I'm trying to setup rsync over ssh without giving the user a shell
>> >account.  Unfortunately, setting the user's shell to /bin/false prevents
>> >the rsync from running, as it fails with this error:
>> >rsync: connection unexpectedly closed (0 bytes read so far)
>> >rsync error: error in rsync protocol data stream (code 12)
>> >
>> >Does anyone have any suggestions?
>> >
>>
>> I guess that you need a valid shell so rsync can exec rsync on the
>> remote host.
>>
>> There's a project called rssh (http://freshmeat.net/projects/rssh/).
>> It's no exactly what you need but comes very close.
>>
>> Basically, it's a shell that restricts just to remote exec of scp
>> and/or sftp (no interactive shell).
>>
>> It shouldn't be to hard to add rsync to the list of allowed commands.
>> You'll have to do some research on how rsync over ssh works, though.
>
>Actually, i tried rssh, but the very limited dox don't explain how to
>specify the allowed commands.  Is this domented somewhere other than the
>rssh man page?
>

Nope, if you want to allow rsync, you'll have to modify the source
code. The allowed commands are hardcoded. You can disable them using
special names with symlinks (can't remember exactly how, but it's
documented on the site or the docs).

Sorry if I wasn't clear enough in my first post :(

Bye!
Federico Voges
Socio gerente

Intrasoft
Malabia 2137 14 A
(1425) Buenos Aires
Argentina

Te/Fax: 54-11-4833-5182
e-mail: fvoges at intrasoft.com.ar
Web: http://www.intrasoft.com.ar

PGP Public Key Fingerprint: A536 4595 EB6F D197  FBC1 5C3A 145C 2516

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1 (C) 1997-1999 Network Associates, Inc. and its affiliated companies.

iQA/AwUBPiH14RRcJRaVKt4XEQICegCg4lnKSiDQbjt6gbvzv/Qq13FARmAAn2lu
zHBNFmjcx5YDXvuQOXUMnflw
=rWzw
-----END PGP SIGNATURE-----

More information about the Linux-users mailing list