X-Recipient: archive-cygwin@delorie.com
X-Spam-Check-By: sourceware.org
Subject: Re: Limit access via openssh?
In-Reply-To: <loom.20071114T140507-70@post.gmane.org>
To: cygwin@cygwin.com
Date: Wed, 14 Nov 2007 14:15:12 -0500 (EST)
X-Mailer: ELM [version 2.4ME+ PL124 (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="US-ASCII"
Message-Id: <E1IsNhg-00009S-RX@owl.gateway.2wire.net>
From: Robert Kiesling <kiesling@earthlink.net>
X-ELNK-Trace: 0b901cbc512a9d8594f5150ab1c16ac01a238acc8405a5b0df25831a3c9571a4890bc79959b46065350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie.com@cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Delivered-To: mailing list cygwin@cygwin.com

> This isn't strictly a cygwin question, but I'm using cygwin ssh implementation.
> I have an external user that uses ssh & public key to open a tunnel to my
> windows server running cygwin. They use the tunnel to connect to an apache
> server inside our network. This all works fine. What I want to do is to limit
> their access to only the apache server, and prevent them opening terminals on
> our server ?

If possible, create a GID and UID for the apache server.  Then allow 
the user to log in under that UID, or even better, GID.

Also make sure that the user has write permissions in the directory
containing httpd.

You're welcome.

-- 
Ctalk Home Page: http://ctalk-lang.sourceforge.net


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/