sftp, scponly, restricted user environments
A. Khattri
ajai
Sun Jan 2 01:17:14 PST 2005
On Sat, 1 Jan 2005, Collins Richey wrote:
> We are in the process of setting up a user environment for users of
> our local lug. Our desire is to have user accounts that do not have a
> usable shell but to allow users to upload files, create/destroy
> directories under their home directory, remove files under their home
> directory, etc. sftp is a nice, somewhat secure way of getting this to
> happen, but it allows cd to any directory under the sun. I found some
> references to the scponly shell, but we don't currently have that
> installed on the server (FC3).
>
> We will be requiring public/private key authentication and ssh or sftp
> for any access to the server. Users will be able to maintain their own
> webpage on our server (we use Apache).
>
> Thus far I haven't found any easy way to restrict the cd command under
> sftp. Is there any way to do this without setting up a chroot jail
> (uggh! more work than I would like)?
>
> Does anyone have any suggestions or experience with this type of setup?
I have set up something like this on a web server.
Basically, I'm using rssh as the login shell for these accounts.
I am using libnss-mysql for the underlying accounts (and caching with
nscd). Works pretty well.
--
reaper n.
A prowler that GFRs files. A file
removed in this way is said to have been `reaped'.
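
Added example, not part of the original post: a small audit for the setup described in the reply, checking that every account under the user home tree has rssh as its login shell and listing which protocols rssh.conf enables. The rssh path `/usr/bin/rssh`, the home prefix `/home/lug` and the sample files are assumptions constructed for illustration; with NSS-backed accounts such as libnss-mysql, feed the first function the output of `getent passwd` rather than `/etc/passwd`.

```shell
#!/bin/sh
# Added example: audit rssh-restricted accounts (not code from the thread).
# Assumed values: rssh at /usr/bin/rssh, user homes under /home/lug.

# Print login names whose home is under prefix $3 but whose shell is not $2.
# $1 is a passwd-format file (e.g. saved output of `getent passwd`).
unrestricted_accounts() {
    awk -F: -v sh="$2" -v pre="$3" \
        'index($6, pre "/") == 1 && $7 != sh { print $1 }' "$1"
}

# Print the protocols enabled in an rssh.conf (allowsftp, allowscp, ...),
# one per line, ignoring comments and whitespace.
rssh_allowed() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' "$1" | grep '^allow' | sort
}

# Constructed sample data so the script runs offline.
demo_dir=$(mktemp -d)
cat > "$demo_dir/passwd" <<'EOF'
alice:x:1001:1001::/home/lug/alice:/usr/bin/rssh
bob:x:1002:1002::/home/lug/bob:/bin/bash
root:x:0:0:root:/root:/bin/bash
EOF
cat > "$demo_dir/rssh.conf" <<'EOF'
# constructed rssh.conf
logfacility = LOG_USER
allowsftp
#allowscp
umask = 022
EOF

echo "accounts still holding a real shell:"
unrestricted_accounts "$demo_dir/passwd" /usr/bin/rssh /home/lug
echo "protocols rssh will accept:"
rssh_allowed "$demo_dir/rssh.conf"
```
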