Wayne Davison wrote:
On Sun, Oct 05, 2008 at 06:47:47AM +0200, Shachar Shemesh wrote:
The reason this is brought up is because I'm using rssh
(http://www.pizzashack.org/rssh/) as the user's shell to limit that
user to only be allowed to run rsync.
I looked at the source, and created a patch to make it just require the
--server option as the first option.
While I was looking at the code, I noticed that the check_command()
function was busted in that it would accept any abbreviated path of a
command (e.g. "/usr/bin/rs" would match "/usr/bin/rsync"). The author
apparently didn't know that strncmp() stops at a null (unlike memcmp()),
so the length-trimming that is done can just be removed. My patch fixes
that too.
Last I talked to the rssh maintainer (about a couple of years ago) I was
so frustrated with the attitude that I decided to only use rssh until I
knock something better together myself. He (used to) care about scp and
sftp, and little else. You can send the patch over, if you're feeling
lucky. I doubt I'll bother. The only reason I brought the question up
was that if I am going to be writing something myself, I would need to
know what to make it enforce.
Personally, and this is not something that any shell can solve, I would
love for a way to limit the files that the --server side rsync allows
access to. I can then use a custom shell to pass that command line to
rsync to ensure it's enforced.
..wayne..
Shachar
--
Please use reply-all for most replies to avoid omitting the mailing list.
To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
