Using /bin/sh to exec subsystems [PATCH]
Patrick Higgins
phiggins at transzap.com
Fri May 25 07:28:52 EST 2001
On 24 May 2001 15:47:31 -0500, mouring at etoh.eviladmin.org wrote:
>
>
> On 24 May 2001, Patrick Higgins wrote:
>
> [..]
> > Using sftp-server as a login shell works fine for sftp, but it's causing
> > some problems with other services. There really needs to be a cleaner
> > way to restrict access to specific subsystems.
> >
>
> Like what? Pop3 works, Imap works... <shrug> I've never met a well
> written program that has not worked with this method.
>
ProFTPd was checking the shell for validity, but it looks like there's a
config option to turn those checks off.
I hate to have to be hypothetical, but what if there were another
popular SSH subsystem and you wanted to allow a user to use them both,
but not have shell access? What I'm getting at is that while the
solution works (for now), it's not without problems. Perhaps they're
easy enough to live with until another subsystem is written (anyone know
of any)?
-Pat
More information about the openssh-unix-dev
mailing list