Mr O wrote:
> What I'm doing is allowing my GF and others to use a GUI SSH
> client for Windows to login to the fileserver strictly to access
> my .ogg collection. I don't want to grant them any other access
> and they more than likely won't know much about moving up to
> other directories so I'm not terribly paranoid about /tmp.
> Locally I use samba and NFS for my own stuff. I'm more
> comfortable having them use a secure login. Also, can I restrict
> a users ability to change the password?
I have to agree with Garl and Jake that a login shell is probably the
wrong way to approach this. A samba or web server would make more
sense and be easier to learn. People are using the SLIMP3 web server
to serve audio through winamp, and other jukebox systems are around.
But, to answer your original question, take a look at bash's
'--restricted' option. It would be possible to set up something like
this as a login shell.
#!/bin/bash
PATH=/etc/legal-commands export bash --restricted
Then populate /etc/legal-commands with scripts that check their
arguments and only allow legal actions.
That's the raw mechanism you can use to create a very restricted
environment.
Also check out sudoers(5) -- in fact, you could set up bash
so the only command allowed is sudo, and use /etc/sudoers to
control other commands.
I'm also thinking that setting up a restricted account so your GF
can't use your computer is not the fast path to a happy relationship,
but you didn't ask about that. (-:
--
Bob Miller K<bob>
kbobsoft software consulting
http://kbobsoft.com [EMAIL PROTECTED]
_______________________________________________
Eug-LUG mailing list
[EMAIL PROTECTED]
http://mailman.efn.org/cgi-bin/listinfo/eug-lug
