RE: allow only sftp?

From: Graeme Vetterlein (Graeme.Vetterlein@ntl.com)
Date: 04/11/03

  • Next message: STEWARD, Curtis (Jamestown): "RE: Does OpenSSH support X.509 Certificate format?"
    From: Graeme Vetterlein <Graeme.Vetterlein@ntl.com>
    To: secureshell@securityfocus.com
    Date: Fri, 11 Apr 2003 11:19:01 +0100
    
    

    > setting the shell to /bin/false will stop subsystems from
    > working period.
    >
    > Since subsystems do: $SHELL -c $SUBSYSTEM

    If this does what it sounds like, seems a pretty dumb decision.

            I write a 'subsystem' in perl and expect the shell to be perl
            I write a 'subsysyem' in C and don't care what shell is ruuning just
    exec(2) me
            I write a 'subsystem' in csh(1) and expect the shell to be csh(1)

    But no way does it make sense to run 'MY' system in the 'prefered shell' of
    'HIM/HER' .

    In short it's the shell that the writer of the subsystem assumed which
    should be used
    not the shell shell that the end user happens to like. The shell the writer
    should
    assume is whatever one the ssh docs tell him it will be. So:
            
            /bin/sh -c ${SUBSYSTEM}
            or simply exec ${SUBSYSTEM}

    Would be more reasonable??

    --
    Graeme
    The contents of this email and any attachments are sent for the personal attention
    of the addressee(s) only and may be confidential.  If you are not the intended
    addressee, any use, disclosure or copying of this email and any attachments is
    unauthorised - please notify the sender by return and delete the message.  Any
    representations or commitments expressed in this email are subject to contract. 
     
    ntl Group Limited
    

  • Next message: STEWARD, Curtis (Jamestown): "RE: Does OpenSSH support X.509 Certificate format?"

    Relevant Pages

    • Re: [opensuse] change to bash
      ... I have SUSE10.2 installed and the default shell when login is tcsh. ... Unix System Administrator ... The contents of this e-mail message and any attachments are intended solely for ... This communication is intended to be and to ...
      (SuSE)
    • Re: "sh" command posted without formattin errors.
      ... > Your entire program is futzed from the get-go because chdir() ... shell parameters... ... html mail or attachments will go in the spam ...
      (comp.os.linux.misc)
    • Re: "sh" command posted without formattin errors.
      ... > Your entire program is futzed from the get-go because chdir() ... shell parameters... ... html mail or attachments will go in the spam ...
      (comp.os.linux.development.apps)
    • Re: allow only sftp?
      ... > If this does what it sounds like, seems a pretty dumb decision. ... > not the shell shell that the end user happens to like. ... The shell the writer ... While you can do this in PAM as well, ...
      (SSH)
    • UPDATE: c shell question
      ... program and have that shell source a particular cshrc file. ... Information in this e-mail and its attachments is confidential and may be ... If you are not one of the intended recipients, ...
      (SunManagers)