| delorie.com/archives/browse.cgi | search |
| X-Spam-Check-By: | sourceware.org |
| Date: | Thu, 1 Mar 2007 16:28:15 +0200 |
| Message-Id: | <200703011428.l21ESF4S026963@beta.mvs.co.il> |
| From: | "Ehud Karni" <ehud AT unix DOT mvs DOT co DOT il> |
| To: | skatingrox2 AT gmail DOT com |
| Cc: | cygwin AT cygwin DOT com |
| Subject: | Re: Remove user access to local drives? |
| In-reply-to: | <loom.20070227T203610-344@post.gmane.org> (message from Francis on Tue, 27 Feb 2007 19:37:25 +0000 (UTC)) |
| Reply-to: | ehud AT unix DOT mvs DOT co DOT il |
| References: | <loom DOT 20070227T203610-344 AT post DOT gmane DOT org> |
| X-Mailer: | Emacs 21.3.1 rmail (send-msg 1.108) |
| MIME-Version: | 1.0 |
| X-IsSubscribed: | yes |
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
| List-Id: | <cygwin.cygwin.com> |
| List-Unsubscribe: | <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com> |
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
| List-Archive: | <http://sourceware.org/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
| Sender: | cygwin-owner AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| Delivered-To: | mailing list cygwin AT cygwin DOT com |
On Tue, 27 Feb 2007 19:37:25, Francis wrote: > > I am running a OpenSSH server for some friends on my machine, and I was hoping > to disable access to /cygdrive (local drives.) Is there a way to prevent them > from modifying any files also? this is intended just as a SSH tunneling method > to get us around some Websense. I have restricted ssh users to a some directory with some commands only on GNU/Linux by using `chroot' and restricted shell (bash). This won't work on Cygwin, because there is no `chroot' jail (not supported by the underlying OS). You have 2 options: 1. Use the /etc/passwd to specify your own shell which will check the input and execute only the allowed commands (by being filter to a shell or by calling `system'). 2. Use cgf advice and restrict the ssh user to one command only (by the authorized_keys file which will be a filter (same as in 1). This has some drawbacks on Cygwin (unlike UNIX), but for your purpose it is not significant. Ehud. -- Ehud Karni Tel: +972-3-7966-561 /"\ Mivtach - Simon Fax: +972-3-7966-667 \ / ASCII Ribbon Campaign Insurance agencies (USA) voice mail and X Against HTML Mail http://www.mvs.co.il FAX: 1-815-5509341 / \ GnuPG: 98EA398D <http://www.keyserver.net/> Better Safe Than Sorry -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |