Hey,
There used to be something called "Restricted Shell" or rsh (not to
be confused with remote shell).
Perhaps you could at least reduce the abilities of the person running
the shell by using such a shell.
Otherwise, give them a .profile (bash), or .login (csh) that logs
them out as soon as they log in. scp may get logged out too but I
doubt it. This has the drawback that a user can press control-c to
break out before he is logged out.
Upon reading p.188 of O'Rielly's Essential System Administration, 2nd
Ed.: you can restrict user commands of Rsh (AIX, DGUX), or krsh or
rsh (other *NIX) to just scp by creating a hard link "scp" from the
users "rbin" directory to the real scp command. Add as many or as
little commands as you like, then set the path variable for the user
to only use the rbin directory commands. Make the hard link owned by
root, and the rbin dir owned by root. I am not sure if a user could
replace the rbin directory with scp, but you could always check.
Let me know if this works.
Hope my adhoc nattering helps (otherwise I'll shut up),
TAFN,
Blair.
At 16:01 -0500 2001/10/18, <[EMAIL PROTECTED]> wrote:
>Fails.. For a simple reason. SSH launchs the command as
>
>{Your shell) -c scp ...
>
>since /bin/false does not understand -c it will just log the person out.
>
>- Ben
>
>On Tue, 16 Oct 2001, Blair Lowe wrote:
>
>> Try setting their shell to /bin/false: I am assuming *NIX is your OS.
>>
>> Hope this works,
>> Blair.
>>
>> At 16:28 -0400 2001/10/16, [EMAIL PROTECTED] wrote:
>> >Is there a good way to allow users to scp a file from a server but
>> >not login to that server using ssh?
>> >
>> >Thanks much!
>> >
>> >Judith Reed
>> >[EMAIL PROTECTED]
>> >
>> >
>> >
>> >---------------------------------------------------------------------
>> >To unsubscribe, e-mail: [EMAIL PROTECTED]
>> >For additional commands, e-mail: [EMAIL PROTECTED]
>>
>> WE'RE LIVE! Get your .ca domain name today at http://www.domainsunder.ca
>> Computer Engineering Inc. http://www.compeng.net
>> Tel: (780) 450 8494 Outside the Edmonton Area Toll Free 1 877 968 7626
>> Hours: Mon - Fri 9:00 - 17:00 Mountain Time.
>> Fax: (780) 435 0693
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
WE'RE LIVE! Get your .ca domain name today at http://www.domainsunder.ca
Computer Engineering Inc. http://www.compeng.net
Tel: (780) 450 8494 Outside the Edmonton Area Toll Free 1 877 968 7626
Hours: Mon - Fri 9:00 - 17:00 Mountain Time.
Fax: (780) 435 0693
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
