
Re: confine user



> I have a user (non-employee) who needs to ftp files to our OBSD2.9
> server. I could ftpchroot his userid to confine him to his home
> directory and have him use ftp, but I want him to use winscp. Is there
> any way to confine him to his home directory? I was testing the
> scenario and I was able to ftp some files locally from /etc
> (ipf.rules), which I do not want him to do.

There is a solution for your problem: scponly. It's kind of a wrapper
for ssh. Your user has to authenticate versus the ssh-daemon and then
he'll get a special shell to allow only sftp commands. You have the
possibility to chroot the user to the given ~/ directory but
configuration is a bit tricky (at least it was for me two days ago).

The website of scponly is http://www.sublimation.org/scponly

Unfortunately it's down at the moment. The actual release of scponly is
version 2.1. If you can't find it anywhere, give me a PM, I could send
it to you.

hth
 -volker

-- 
"Those who would give up essential liberty to purchase a little
temporary safety deserve neither liberty nor safety."
 -Benjamin Franklin, 1759