Re: allow only sftp?

From: Brian Hatch (
Date: 04/12/03

  • Next message: Lesley Leposo: "RSA_private_encrypt"
    Date: Fri, 11 Apr 2003 15:07:35 -0700
    From: Brian Hatch <>
    To: Graeme Vetterlein <>

    > > Since subsystems do: $SHELL -c $SUBSYSTEM
    > If this does what it sounds like, seems a pretty dumb decision.
    > I write a 'subsystem' in perl and expect the shell to be perl
    > I write a 'subsysyem' in C and don't care what shell is ruuning just
    > exec(2) me
    > I write a 'subsystem' in csh(1) and expect the shell to be csh(1)
    > But no way does it make sense to run 'MY' system in the 'prefered shell' of
    > 'HIM/HER' .
    > In short it's the shell that the writer of the subsystem assumed which
    > should be used
    > not the shell shell that the end user happens to like. The shell the writer
    > should
    > assume is whatever one the ssh docs tell him it will be. So:
    > /bin/sh -c ${SUBSYSTEM}
    > or simply exec ${SUBSYSTEM}
    > Would be more reasonable??

    Many sites set up users with specific shells that read global and
    per-user configuration files to set up their environment correctly,
    such as to set an appropriate umask, create process limits, or add
    things to your path. While you can do this in PAM as well, not every
    machine has PAM built in, and many many administrators don't know
    how to configure these things using PAM, so you'd be depriving them
    of this option.

    Brian Hatch                  I have no cognitive
       Systems and                powers.  It's amazing
       Security Engineer          that I'm respirating.     --bree
    Every message PGP signed

  • Next message: Lesley Leposo: "RSA_private_encrypt"