SSH ok, SFTP ok, SCP broken... custom shell
Darren Tucker
dtucker at zip.com.au
Fri Dec 9 10:59:49 EST 2005
Graeme Tattersall wrote:
> Hi,
>
> Can anyone explain why a shell-wrapper script of the following form breaks scp?
> Can this kind of thing be re-worked to fix the breakage?
>
> The wrapper does not produce output, and checks a shell.allow file to see if
> access to a real shell such as bash should be granted.
>
>
> ------------
> eg :
>
> #!/bin/sh
>
> if [ grep $LOGNAME /etc/shell.allow 2>&1 > /dev/null ]
You don't need the "[]" brackets, they're the equivalent of the "test"
command.
Also, you should match against a complete line not a substring. If user
"foobar" is in shell.allow, then this will permit users "foo" and "bar"
as well. You can do this with egrep and regex anchors, e.g.:

    if egrep "^$LOGNAME$" /etc/shell.allow
> then
> exec -a - /bin/bash $*
This is your problem: you're not preserving the argument quoting. Try:

    exec -a - /bin/bash "$@"
> else
> echo "Access Denied - Please request access"
> fi
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
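
Added example, not part of the original message: a runnable sketch of the two points made in the reply. sshd hands a remote command (such as the one scp sends) to the login shell as two arguments, `-c` and the command string, so the script counts what reaches the real shell under `$*` versus `"$@"` and compares substring with whole-line allow-list matching. The allow-list contents, the path /tmp/upload and all function names are constructed for illustration, and `grep -Fx` is used here as a fixed-string whole-line match in place of the anchored egrep.

```shell
#!/bin/sh
# Constructed sample allow list: one login name per line.
ALLOW_FILE=$(mktemp)
trap 'rm -f "$ALLOW_FILE"' EXIT
printf '%s\n' foobar alice > "$ALLOW_FILE"

# Substring match, as in the quoted wrapper: "foo" matches the line "foobar".
allowed_substring() {
    grep -- "$1" "$ALLOW_FILE" > /dev/null 2>&1
}

# Whole-line match: -x requires the entire line to match, -F treats the
# name as a literal string so regex metacharacters in it have no effect.
allowed_exact() {
    grep -Fxq -- "$1" "$ALLOW_FILE"
}

# Stand-in for the real shell: report how many arguments arrived.
count_args() {
    echo "$#"
}

# The quoted wrapper's forwarding: unquoted $* is re-split on whitespace.
forward_unquoted() {
    count_args $*
}

# The corrected forwarding: "$@" passes every argument through unchanged.
forward_quoted() {
    count_args "$@"
}

# Constructed invocation in the shape sshd uses for a remote command.
for user in foobar foo bar; do
    allowed_substring "$user" && s=allow || s=deny
    allowed_exact "$user" && e=allow || e=deny
    echo "$user: substring=$s exact=$e"
done
echo "args with \$*:   $(forward_unquoted -c 'scp -t /tmp/upload')"
echo "args with \"\$@\": $(forward_quoted -c 'scp -t /tmp/upload')"
```

With `$*` the shell receives `-c scp -t /tmp/upload`, so the command string is just `scp` and the remaining words become positional parameters instead of scp's options.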