Jamie Webb wrote:
At least some people are finding this sort of thing not so simple:
http://www.snailbook.com/faq/restricted-scp.auto.html
http://www.pizzashack.org/rssh/security.shtml
The first link seems to suggest that it's alright. It says:
<quote>
...the best you can do is to restrict the user to only running the
file-transfer server.
The simplest way to do this is to make the target account
special-purpose, by giving it a shell which only allows runing the
file-transfer server. SSH always uses the shell to run remote programs,
so this is a reliable restriction.
</quote>
It says that "this is a reliable restriction". Okay, it also says:
<quote>
If you don't want to limit the account this way, then it gets harder to
do this reliably.
</quote>
But I *do* want to limit the account in this way, so there's no problem.
In our project we made a shell that allows three commands: scp, darcs,
svn. We're still experimenting, so I can't say if this is what we'll use
at the end. I think we'll need to replace svn by svnserve (haven't
tested that yet). But you get the idea.
Cheers,
Daniel.
--
/\/`) http://oooauthors.org
/\/_/ http://opendocumentfellowship.org
/\/_/
\/_/ I am not over-weight, I am under-tall.
/
_______________________________________________
darcs-users mailing list
[email protected]
http://www.abridgegame.org/mailman/listinfo/darcs-users
