ForceCommand and NFS-shared home directories

Ben Lindstrom mouring at eviladmin.org
Tue Mar 25 01:37:08 EST 2008



On Mon, 24 Mar 2008, Mikhail Terekhov wrote:
>
> Yes, in cases like mine this option would be very useful.
> Meantime do you think that writing a wrapper script for the shell on the
> server that bypasses everything but the predefined in "ForceCommand"
> command would be a reasonable workaround?
>

Since it is sshd and not any shell running the ~/.ssh/rc file, no amount
of workarounds will resolve this.  Only changing sshd can change this
behavior.

Taking a glance (because I don't have time to look at it fully right now) 
the changes are ...

1. add: int is_forcedcommand; to session.h
2. modify line 1206 (or so) to read:

-        /* ignore _PATH_SSH_USER_RC for subsystems */
+	 /* ignore _PATH_SSH_USER_RC for subsystems and forced commands */
-        if (!s->is_subsystem && (stat(_PATH_SSH_USER_RC, &st) >= 0)) {
+        if (!s->is_subsystem && !s->forcedcommand && 
+	     (stat(_PATH_SSH_USER_RC, &st) >= 0)) {
                 snprintf(cmd, sizeof cmd, "%s -c '%s %s'",
                     shell, _PATH_BSHELL, _PATH_SSH_USER_RC);
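
Review bot: the added condition on the "+ if" line tests s->forcedcommand, but step 1 declares the field as is_forcedcommand and steps 3 and 4 assign s->is_forcedcommand, so the names do not match and the check should read !s->is_forcedcommand. The test only has an effect once the flag is set before this point is reached, which step 3 still leaves open. The two "+" lines that start with a tab are indented differently from the space-indented lines around them; matching the surrounding indentation would keep the hunk clean.
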
4. Maybe initialize s->is_forcedcommand = 0;  (maybe, because we may do a
 	bzero() or other such magic to clear memory for this struct)
3. Find the right place to set s->is_forcedcommand = 1; (Since I've been
 	out of the code for too many years, I can't state the right
 	place at this moment.  I assume still somewhere in sessions.c)



- Ben