rsync over ssh, multiple private keys sharing same UID, chroot

Alex Bligh alex at
Wed Apr 7 07:54:22 EST 2010

--On 6 April 2010 21:52:31 +0200 Martin Schröder <martin at> wrote:

> 2010/4/6 Alex Bligh <alex at>:
>> Let us assume that I also wish to prevent them from using any
>> service other than rsync.
> Sure. Use the attached script in ForceCommand or google for more
> complex solutions.

How do you, for instance, prevent copies with (e.g.) --copy-unsafe-links
set, with links which point outside the directory tree of the pseudo-user
concerned, to other parts with the same UID? Or are you relying on chroot
to handle that? I thought about pre-processing all the options to the rsync
--server process, but that seems like lots of hard work prone to accidental
failure. I suppose I could strip all options, except for a select few. I
can't help think that if I could avoid rsync generating anything but
regular files in one directory (which is all I need), I could avoid the
whole chroot stuff.

Alex Bligh

More information about the openssh-unix-dev mailing list