restricted shell
Gyepi SAM
gyepi at praxis-sw.com
Sun Apr 29 02:44:32 EST 2001
On Sat, Apr 28, 2001 at 06:24:48PM +0200, Markus Friedl wrote:
> it's easier if the sftp-server does chroot.
But then scp would also have to do the same thing if we are allowing both.
It would seem easier to me to leave sftp-server and scp as they are and
centralize the chroot and other related local security measures in the
restricted shell, no?
> however you need a setuid sftp-server.
Same response.
> additionally you have to disallow writing of $HOME,
> restrict sftp to subdirs only. otherwise the user
> can modify .ssh or .forward...
I would leave this as an administrator option since I can imagine scenarios
where both of those actions might be desirable.
-Gyepi
--
Anything that won't sell, I don't want to invent. Its sale is proof of utility
and utility is success. --Thomas Alva Edison
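
Added example, not part of the original message and not OpenSSH code: a sketch of the restricted shell discussed above, which vets the command sshd passes via `-c`, then does the chroot and privilege drop in one place for both scp and sftp-server. The binary paths, the accepted scp flag set and the `protect_home` switch (the "administrator option") are assumptions of this sketch.

```python
import os
import shlex

# Assumed for this sketch, not taken from the thread: binary paths and flag set.
BINARIES = {"scp": "/usr/bin/scp", "sftp-server": "/usr/libexec/sftp-server"}
SCP_FLAGS = {"-t", "-f", "-r", "-p", "-d", "-v"}
PROTECTED = {".ssh", ".forward"}  # the files named in the quoted message


def check_command(command, protect_home=True):
    """Map the string sshd passes as `shell -c <command>` to a safe argv."""
    try:
        argv = shlex.split(command or "")
    except ValueError:
        raise PermissionError("unparsable command")
    name = os.path.basename(argv[0]) if argv else ""
    if name not in BINARIES:
        raise PermissionError("only scp and sftp-server are allowed")
    if name == "sftp-server":
        # sftp paths never appear in the command string; the chroot and
        # directory permissions have to confine them.
        if len(argv) != 1:
            raise PermissionError("sftp-server takes no arguments here")
        return [BINARIES[name]]
    flags, path = argv[1:-1], argv[-1]
    if len(argv) < 3 or set(flags) - SCP_FLAGS or not {"-t", "-f"} & set(flags):
        raise PermissionError("not a remote-side scp invocation")
    # Resolve the path as it will look inside the jail, where "/" is $HOME.
    target = os.path.normpath(os.path.join("/", path))
    parts = [p for p in target.split("/") if p]
    if protect_home and (not parts or PROTECTED & set(parts)):
        raise PermissionError("target must be below $HOME and not .ssh/.forward")
    return [BINARIES[name]] + flags + ["/" + "/".join(parts)]


def run_restricted(command, jail, uid, gid, protect_home=True):
    """Centralised confinement: validate, chroot, drop privileges, exec."""
    argv = check_command(command, protect_home)
    os.chroot(jail)          # needs root, so this shell must start privileged
    os.chdir("/")
    os.setgroups([gid])
    os.setgid(gid)
    os.setuid(uid)           # drop privileges before running anything
    os.execv(argv[0], argv)  # the binaries must exist inside the jail
```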