[Techtalk] sharing files - ssh and ftp
Rasjid Wilcox
rasjidw at openminddev.net
Sat May 3 17:50:13 EST 2003
On Saturday 03 May 2003 16:49, Mary wrote:
> On Sat, May 03, 2003, Rasjid Wilcox wrote:
> > How would this allow you to restrict a user to their home directory?
> > You could stop them using 'cd', but then the user could not navigate
> > around their own home directory structure.
>
> It wouldn't, you'd need to use a chroot jail I think. And the trouble
> with a jail is that you can't use anything much outside it at all, for
> example /usr/bin stuff - or the ssh binaries.
>
> However, it depends *why* you want to restrict them to their home dirs.
>
> If it's because "I don't want them executing commands, I don't want this
> to be a shell account, I just want them to be able to scp files they
> have permission to read to and fro" then using this command will limit
> the commands they can run to ssh alone, and standard permissions will
> bar them from files they aren't meant to read.

I have just had a quick play with this, and it seems to work well.

Suppose you want user 'someuser' to only have sftp access, but no ordinary
shell access. Then a simple

# chsh -s /usr/libexec/openssh/sftp-server someuser

seems to do the trick.

You can then use Filezilla on Windows or gFTP on Linux for a GUI SFTP client.
With gFTP you need to check 'Use SSH2 SFTP subsys' under FTP - Options - SSH.

If the user does try and log in using a normal ssh client, they get logged
straight into the sftp subsystem, and so they should be unable to run any
normal shell commands.

Cheers,
Rasjid.
--
Rasjid Wilcox
Canberra, Australia UTC + 10
http://www.openminddev.net
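
Added example, not part of the original message: a shell check that accounts meant to be SFTP-only really have the sftp-server path from the message as their login shell, run here on constructed passwd-format lines. The function names and sample accounts are assumptions; an empty shell field is reported as interactive because it defaults to /bin/sh.

```shell
#!/bin/sh
# Added example: check that accounts meant to be SFTP-only really are.
# SFTP_SHELL is the path from the message above; it differs between distributions.
SFTP_SHELL=/usr/libexec/openssh/sftp-server

# Constructed passwd-format sample (hypothetical accounts), including an
# empty shell field and a truncated line.
sample_passwd() {
cat <<'EOF'
someuser:x:1001:1001::/home/someuser:/usr/libexec/openssh/sftp-server
bob:x:1002:1002::/home/bob:/bin/bash
carol:x:1003:1003::/home/carol:
dave:x:1004:1004::/home/dave:/sbin/nologin
broken:x:1005
EOF
}

# classify_shell SHELL -> prints sftp-only | no-login | interactive
classify_shell() {
    case "$1" in
        "$SFTP_SHELL")     echo sftp-only ;;
        */nologin|*/false) echo no-login ;;
        *)                 echo interactive ;;  # includes "" (means /bin/sh)
    esac
}

# audit_passwd USER... reads passwd-format data on stdin and prints
# "user status shell" for each named user. Returns 1 if any named user is
# missing, on a malformed line, or not sftp-only.
audit_passwd() {
    data=$(cat)
    rc=0
    for user in "$@"; do
        # Exact match on field 1; the "x" prefix tells an empty shell
        # field apart from "no such line".
        shell=$(printf '%s\n' "$data" |
            awk -F: -v u="$user" '$1 == u && NF == 7 { print "x" $7; exit }')
        if [ -z "$shell" ]; then
            echo "$user missing -"; rc=1; continue
        fi
        shell=${shell#x}
        status=$(classify_shell "$shell")
        echo "$user $status ${shell:-/bin/sh}"
        [ "$status" = sftp-only ] || rc=1
    done
    return $rc
}

sample_passwd | audit_passwd someuser bob carol dave broken || true
```

On a live system the same function can be fed with `getent passwd | audit_passwd someuser`.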