SSH ok, SFTP ok , SCP broken... custom shell
Frank Cusack
fcusack at fcusack.com
Fri Dec 9 13:02:59 EST 2005
On December 8, 2005 8:32:14 PM -0500 Ji Knoble <jmknoble at pobox.com> wrote:
> Circa 2005-12-08 19:19 dixit Frank Cusack:
>
> : On December 9, 2005 10:59:49 AM +1100 Darren Tucker <dtucker at zip.com.au> wrote:
> : > Graeme Tattersall wrote:
> : >> if [ grep $LOGNAME /etc/shell.allow 2>&1 > /dev/null ]
> : >
> : > Also, you should match against a complete line not a substring. If user
> : > "foobar" is in shell.allow, then this will permit users "foo" and "bar"
> : > as well. You can do this with egrep and regex anchors, eg
> : >
> : > if egrep "^$LOGNAME$" /etc/shell.allow
> :
> : 'grep -x' is better.
>
> Only for certain values of "better". If Graeme were to extend his
Then we'd be talking about something different. For the example given,
'grep -x' (or probably 'fgrep -x') is better, unqualified.
-frank
More information about the openssh-unix-dev
mailing list