scp -t . - possible idea for additional parameter
guyverdh at hotmail.com
Thu Oct 11 02:30:14 EST 2007
>1. Why do you think this change provides effective security?
Specifying the starting directory, and not allowing the user to navigate above it effectively locks the user within that directory.
>2. Have you ever tried to implement something like this, dealing with>symbolic links, bind mounts, etc.?
Since you cannot transfer symlinks directly via the scp command, there wouldn't be any in the directories we would be using on the remote system.
>If you want to confine users effectively, chroot them.
chroot'ing should not be used as a security method, that's been clearly stated time and again.
Help yourself to FREE treats served up daily at the Messenger Café. Stop by today.
More information about the openssh-unix-dev