Should Subsystem work in a Match block?
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Tue Dec 14 09:21:29 EST 2010
On 12/13/2010 05:13 PM, Darren Tucker wrote:
> Right now Subsystem is only allowed in global scope ie not in a Match
> block.
>
> We only implemented the things that had a plausible use case to keep the
> number of permutations down. Is there a plausible use case for this?
https://bugzilla.mindrot.org/show_bug.cgi?id=1587
suggests:
Match Group nosftp
Subsystem sftp /bin/false
I started wondering about this thinking about how to support group SFTP
access for a shared project, so marking certain users with something like:
Subsystem sftp sftp-server -u 002
Maybe there's a preferred way to do something like this?
> That the documentation is accurate :-)
> (and if it's not, that it's a reportable bug)
:)
if the example in #1587 is wrong (and not expected to become right),
maybe we should at least note it in that bug log (i know bug logs are
not official documentation).
Regards,
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 900 bytes
Desc: OpenPGP digital signature
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20101213/0e94972e/attachment.bin>
More information about the openssh-unix-dev
mailing list