restrict file transfer in rsync, scp, sftp?

Nico Kadel-Garcia nkadel at gmail.com
Mon Nov 13 06:05:55 AEDT 2023


On Sat, Nov 11, 2023 at 7:16 PM Bob Proulx <bob at proulx.com> wrote:
>
> I am supporting a site that allows members to upload release files.  I
> have inherited this site which was previously existing.  The goal is
> to allow members to file transfer to and from their project area for
> release distribution but not to allow general shell access and not to
> allow access to other parts of the system.

The simplest answer is "don't bother". Switch to FTPS, which is
supported with quite simple tools like vsftpd and is vastly simpler to
entirely segregate user spaces for.

If you have a compelling need to support scp and/or rsync, you can
look at the old "rssh" tools. I used to publish RHEL wrappers for that
at https://github.com/nkadel/rssh-chroot-tools , but stopped
maintaining my copy years ago. They're far more burdensome, and
maintaining the SFTP-based "only see the upload or download folder"
configs is a lot more work than simply using vsftpd and FTPS.


More information about the openssh-unix-dev mailing list