SSH ok, SFTP ok, SCP broken... custom shell

Frank Cusack fcusack at fcusack.com
Fri Dec 9 13:02:59 EST 2005


On December 8, 2005 8:32:14 PM -0500 Ji Knoble <jmknoble at pobox.com> wrote:

> Circa 2005-12-08 19:19 dixit Frank Cusack:
>
> : On December 9, 2005 10:59:49 AM +1100 Darren Tucker <dtucker at zip.com.au> wrote:
> : > Graeme Tattersall wrote:
> : >> if [ grep $LOGNAME /etc/shell.allow 2>&1 > /dev/null ]
> : >
> : > Also, you should match against a complete line not a substring.  If user
> : > "foobar" is in shell.allow, then this will permit users "foo" and "bar"
> : > as well.  You can do this with egrep and regex anchors, eg
> : >
> : > 	if egrep "^$LOGNAME$" /etc/shell.allow
> :
> : 'grep -x' is better.
>
> Only for certain values of "better".  If Graeme were to extend his

Then we'd be talking about something different.  For the example given,
'grep -x' (or probably 'fgrep -x') is better, unqualified.

-frank
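
Added example, not part of the original messages: the allow-list checks discussed in this thread, run side by side on a constructed file. It assumes a temporary file standing in for /etc/shell.allow, hypothetical function names, and `grep -F` as the POSIX spelling of `fgrep`.

```shell
#!/bin/sh
# Compare the allow-list checks from the thread on a constructed file.

# Constructed sample standing in for /etc/shell.allow (one login name per line).
ALLOW_FILE=$(mktemp)
trap 'rm -f "$ALLOW_FILE"' EXIT
printf '%s\n' 'foobar' 'jxdoe' > "$ALLOW_FILE"

# Substring match, as in the original check: any line containing the name passes.
allowed_substring() { grep -- "$1" "$ALLOW_FILE" >/dev/null 2>&1; }

# Anchored regex: whole line, but the name is still interpreted as a regex.
allowed_anchored() { grep -E -- "^$1\$" "$ALLOW_FILE" >/dev/null 2>&1; }

# grep -x: whole-line match without hand-written anchors; name is still a regex.
allowed_x() { grep -x -- "$1" "$ALLOW_FILE" >/dev/null 2>&1; }

# grep -Fx (fgrep -x): whole line, name treated as a literal string.
# An empty name is rejected outright instead of being handed to grep.
allowed_fixed() { [ -n "$1" ] && grep -Fx -- "$1" "$ALLOW_FILE" >/dev/null 2>&1; }

# "foobar" is listed; "foo" and "j.doe" are not.
for name in foobar foo j.doe; do
    for check in allowed_substring allowed_anchored allowed_x allowed_fixed; do
        if "$check" "$name"; then result=allow; else result=deny; fi
        printf '%-8s %-18s %s\n' "$name" "$check" "$result"
    done
done
```

The unlisted name "j.doe" passes every regex-based check because "." matches the "x" in the listed "jxdoe"; only the fixed-string whole-line match denies it.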



