rsync over ssh, multiple private keys sharing same UID, chroot
Alex Bligh
alex at alex.org.uk
Wed Apr 7 07:54:22 EST 2010
--On 6 April 2010 21:52:31 +0200 Martin Schröder <martin at oneiros.de> wrote:
> 2010/4/6 Alex Bligh <alex at alex.org.uk>:
>> Let us assume that I also wish to prevent them from using any
>> service other than rsync.
>
> Sure. Use the attached script in ForceCommand or google for more
> complex solutions.
How do you, for instance, prevent copies with (e.g.) --copy-unsafe-links
set, with links which point outside the directory tree of the pseudo-user
concerned, to other parts with the same UID? Or are you relying on chroot
to handle that? I thought about pre-processing all the options to the rsync
--server process, but that seems like lots of hard work prone to accidental
failure. I suppose I could strip all options, except for a select few. I
can't help think that if I could avoid rsync generating anything but
regular files in one directory (which is all I need), I could avoid the
whole chroot stuff.
--
Alex Bligh
More information about the openssh-unix-dev
mailing list