This was solved about 3 years ago, http://www.hackinglinuxexposed.com/articles/20030115.html
The command authenticator will work with any ssh/sftp command, even rsync or scp via ssh. I don't see any reason to reinvent the paper clip if I need a paper clip. Robert Sowders Senior SA, Honolulu HI. The contents of this message are mine personally and do not reflect any position of the U.S. Government "Mark Senior" <[EMAIL PROTECTED]> 12/21/2005 07:08 AM To "m l" <[EMAIL PROTECTED]> cc <[email protected]> Subject RE: Restricting sftp commands Probably the most robust thing would be to use file-system ACLs to restrict users to the desired actions. They could always try a "get" command, but it would fail if they tried to download a file to which they lacked read permissions. That would also have the advantage of working regardless of what means they used to access the server - sftp, ssh, console, etc. Regards Mark -----Original Message----- From: m l Sent: December 21, 2005 07:36 To: [email protected] Subject: Restricting sftp commands I've install OpenSSH_4.2p1 with RSSH on Solaris 10. It only accept "sftp" . I block SSh and the others. But the user still able to do commands like "chmod" "put" ,"get" etc......under sftp. Is there any way, when the user is in sftp prompt, to limit him to only use for example "PUT" command ? Martin "Do, Or do not. There is no try." -YODA- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail.
