SSH ok, SFTP ok, SCP broken... custom shell

Jim Knoble jmknoble at pobox.com
Fri Dec 9 12:32:14 EST 2005


Circa 2005-12-08 19:19 dixit Frank Cusack:

: On December 9, 2005 10:59:49 AM +1100 Darren Tucker <dtucker at zip.com.au> wrote:
: > Graeme Tattersall wrote:
: >> if [ grep $LOGNAME /etc/shell.allow 2>&1 > /dev/null ]
: >
: > Also, you should match against a complete line not a substring.  If user
: > "foobar" is in shell.allow, then this will permit users "foo" and "bar"
: > as well.  You can do this with egrep and regex anchors, eg
: >
: > 	if egrep "^$LOGNAME$" /etc/shell.allow
: 
: 'grep -x' is better.

Only for certain values of "better".  If Graeme were to extend his
/etc/shell.allow file to use multiple fields (e.g., the name of the
shell as the second field, with fields separated by ':'), then 'grep -x'
would no longer be appropriate.  The following will work with both the
one-user-per-line and the multi-field /etc/shell.allow:

    if egrep "^$LOGNAME(:.*)?\$" /etc/shell.allow >/dev/null 2>&1
    then
        ...

(Note the use of the backslash to escape the '$' used for the regex
inside the shell's double quotes, as well as the correct idiom for
redirecting stdout and stderr to /dev/null).

-- 
jim knoble  |  jmknoble at pobox.com  |  http://www.pobox.com/~jmknoble/
(GnuPG fingerprint: 809F:09B9:9686:D035:4AB0::9455:124B:0A62:DD6A:76D6)
 .....................................................................
 :"The methods now being used to merchandise the political candidate :
 : as though he were a deodorant positively guarantee the electorate :
 : against ever hearing the truth about anything."   --Aldous Huxley :
 :...................................................................:
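The following is an added example, not code from anyone in this thread. It puts the substring check Darren objects to side by side with a whole-field comparison that works for both the one-user-per-line and the user:shell layouts of /etc/shell.allow that Jim describes. It uses awk rather than egrep so that the login name is compared as a plain string; with the egrep form the contents of $LOGNAME are interpolated into the pattern and any regex metacharacter in the name would be interpreted as such. The allow-file contents and path are constructed for the demonstration (a temporary file is used instead of /etc/shell.allow).

```shell
#!/bin/sh
# Added example (not from the original post): compare the login name against
# an allow file as a whole first field, instead of as a substring or as a
# shell-interpolated regex.  ALLOW_FILE and its contents are constructed for
# the demonstration; a real check would read /etc/shell.allow.

ALLOW_FILE=$(mktemp)
trap 'rm -f "$ALLOW_FILE"' EXIT

# Constructed allow file mixing the one-user-per-line form and the
# user:shell form discussed in the thread.
cat >"$ALLOW_FILE" <<'EOF'
foobar
alice:/bin/bash
bob:/usr/bin/scponly
EOF

# Substring match, the behaviour of the original `grep $LOGNAME ...`:
# returns 0 (allowed) for any name that appears anywhere on any line,
# so "foo", "bar" and "ali" are all accepted.
substring_allowed() {
    grep "$1" "$ALLOW_FILE" >/dev/null 2>&1
}

# Whole-field match: awk splits each line on ':' and compares the first
# field with the user name as a string (no regex interpretation).  A line
# without ':' has the whole line as its first field, so both layouts work.
# Exit status 0 means allowed, 1 means denied.
field_allowed() {
    awk -F: -v user="$1" '$1 == user { found = 1 } END { exit !found }' "$ALLOW_FILE"
}

# Small driver so the script shows the difference when run directly.
for name in foobar foo bar alice ali bob; do
    if substring_allowed "$name"; then s=allowed; else s=denied; fi
    if field_allowed "$name"; then f=allowed; else f=denied; fi
    printf '%-8s substring:%-8s field:%s\n' "$name" "$s" "$f"
done
```

In a custom login shell the call would be `if field_allowed "$LOGNAME"; then ...` with ALLOW_FILE pointing at /etc/shell.allow; a second field, if present, is available to awk as $2 should the shell name also need to be checked.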
