Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sources.redhat.com/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Date:	Fri, 25 Jul 2003 21:45:37 +0300
From:	Ville Herva <vherva AT niksula DOT hut DOT fi>
To:	cygwin AT cygwin DOT com
Subject:	Re: SFTP only account
Message-ID:	<20030725184537.GE135678@niksula.cs.hut.fi>
References:	<PIEAJDKPMCCDFENHCAHLCEJLCAAA DOT tommie AT mcihispeed DOT net> <Pine DOT GSO DOT 4 DOT 44 DOT 0307232202470 DOT 26427-100000 AT slinky DOT cs DOT nyu DOT edu>
Mime-Version:	1.0
In-Reply-To:	<Pine.GSO.4.44.0307232202470.26427-100000@slinky.cs.nyu.edu>
User-Agent:	Mutt/1.4i

On Wed, Jul 23, 2003 at 10:12:45PM -0400, you [Igor Pechtchanski] wrote:
>
> Instead of setting the shell to /bin/false, set it to a script that checks
> the parameters (e.g., which program is invoked), and quits with a non-zero
> return code if the program is not "sftp", for example.  That same script
> can also do "chroot"  to your FTP directory, so the user can't get out of
> it.  Be sure to set all the relevant shell variables in the script (e.g.,
> PATH, IFS, etc).

There are a couple of such scripts available. Search the openssh mailing
list archive.

rssh is one of them:
http://www.pizzashack.org/rssh

scponly is another:
http://www.sublimation.org/scponly/

There may be others.


-- v --

v AT iki DOT fi

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

- Raw text -