Hi, On Tue, Dec 28, 2004 at 04:53:45PM +0100, Bob wrote: > I have very special needs and i wanted to use rsync over ssh. I don't > know if a solution already exists for what i want to do. I want to > provide rsync over ssh to my users. Howevern i want to have the > following limitations : > 1. No shell access > 2. Limitting users to their home directories > > I was thinking to the folowing solution, but i don't know if it is > secure enough : > Create a dummy-shell sor ssh login that only allow the rsync --server > --sender command. Then i get the path of the wanted files, and i appened > it to the home directory of the user. Ex : the user requests /test, i > give him : /home/usrname/test > Then i uses the realpath function to canonicalize the path and i check > that it really begins with /home/usrname to prevent users from getting > files outside of their home directory. > I execute the rsync command with the new built path... > > I think this should work but i would like to know what do you think > about security.
Use chroot(2) to get more robust solution. See also ftp://ftp.altlinux.org/pub/people/ldv/rshell/ -- ldv
pgp4MXcXoSFp8.pgp
Description: PGP signature
-- To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
