Re: [Freebsd-security] Re: Multi-User Security

From: Lupe Christoph (lupe_at_lupe-christoph.de)
Date: 06/14/04

  • Next message: Remko Lodder: "Re: [Freebsd-security] Re: Multi-User Security" 
    Date: Mon, 14 Jun 2004 14:43:07 +0200
To: cjclark@alum.mit.edu, Doug Barton <DougB@FreeBSD.org>, "freebsd-security@freebsd.org" <freebsd-security@FreeBSD.org>, Remko Lodder <remko@elvandar.org>, "David E. Meier" <dev@eth0.ch>, Dan Rue <drue@therub.org>

    On Monday, 2004-06-14 at 12:38:58 +0100, Bruce M Simpson wrote:
    > On Wed, Jun 09, 2004 at 07:52:23AM -0700, Crist J. Clark wrote:
    > > To do scp-only, you either need (a) a hacked up sshd(8) daemon, (b) a
    > > jailed environment, or (c) a special shell for the user that only allows
    > > scp(1) to run. The funny thing is, I think (c) is probably the easiest
    > > to implement on a mass scale, but seems to be the option most seldom
    > > considered.

    > ports/shells/scponly

    That's a liiiitttle short. ;-)

    scponly covers both (b) as scponlyc and (c). It works with scp, sftp,
    WinSCP, gftp and (IIRC) rsync. Great tool.

    Lupe Christoph 

    -- 
| lupe@lupe-christoph.de       |           http://www.lupe-christoph.de/ |
| "... putting a mail server on the Internet without filtering is like   |
| covering yourself with barbecue sauce and breaking into the Charity    |
| Home for Badgers with Rabies.                            Michael Lucas |
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
  • Next message: Remko Lodder: "Re: [Freebsd-security] Re: Multi-User Security"