On Fri, Feb 6, 2009 at 5:44 PM, Robert Dailey <rcdai...@gmail.com> wrote:
>
> On Fri, Feb 6, 2009 at 4:42 PM, Richard Edward Horner <r...@richhorner.com>
> wrote:
>>
>> Yeah, Robert, even before this whole exchange unfolded I felt
>> motivated to say that you're jumping into the deep end with chrooting.
>> Derek summed up the issues of security nicely.
>>
>> For what you're trying to accomplish, you might want to look at
>> changing the user's login shell to scponly.
>
> Would this be done without RSSH (Changing the login shell to scponly)? In
> addition, is SCP capable of navigating outside of the home directory? For
> example, could they do:
>
> scp /foo/bar/somefile ke...@domain:../../etc/somefile
>
> Something like that? I'm wondering if they can "step out" of the home
> directory.
>
> Thanks again for everyone's help.
>
I've deployed scponly to accomplish what you're attempting to do on a few
servers without using RSSH. Just install scponly and then, as root, do:

    chsh username

As for getting outside of their home dir, that you'll control with file
permissions. Make sure the user is a member of their own group and no other
groups. It's not the same level of isolation as RSSH in a chroot but it's
good enough for most things. Provided you don't have any files set to world
writable, they won't be able to overwrite anything outside their private
group.

Rich(ard)

--
Richard Edward Horner
Engineer / Composer / Electric Guitar Virtuoso
http://richhorner.com

_______________________________________________
rssh-discuss mailing list
rssh-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rssh-discuss
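
The two conditions the reply above depends on (the account belongs only to its own group, and nothing on the server is world-writable) can be checked with a short audit. This is an added example, not part of the original message; the function names are hypothetical and it assumes a POSIX shell with `id` and `find`.

```shell
#!/bin/sh
# Added example: audit an scponly account's group membership and the
# world-writable files it could reach. Function names are hypothetical.

# Print every group the account belongs to other than its primary group.
extra_groups() {
    user=$1
    primary=$(id -gn "$user") || return 2
    for g in $(id -Gn "$user"); do
        [ "$g" = "$primary" ] || printf '%s\n' "$g"
    done
}

# Print world-writable files and directories under a tree.
# Symlinks are skipped because their mode bits are not enforced, and
# sticky directories (like /tmp) are skipped because the sticky bit
# stops a user from replacing files owned by someone else.
world_writable() {
    root=$1
    find "$root" -xdev ! -type l -perm -0002 \
        ! \( -type d -perm -1000 \) -print 2>/dev/null
}

# Return 0 only when both checks come back empty; otherwise report.
audit_scp_account() {
    user=$1
    root=$2
    groups=$(extra_groups "$user") || return 2
    files=$(world_writable "$root")
    # $groups is left unquoted so each group gets its own line.
    [ -z "$groups" ] || printf 'extra group: %s\n' $groups
    [ -z "$files" ] || printf '%s\n' "$files" | sed 's/^/world-writable: /'
    [ -z "$groups" ] && [ -z "$files" ]
}

# Usage (as root): audit_scp_account username /
```

Anything the audit reports is a path or group through which the account can write outside its home directory, so it should be fixed or justified before the login shell is switched to scponly.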