Re: Restricting SCP2/SFTP access to Unix

From: Wu Fei Liang (wu_fei_liang_at_cms.ac)
Date: 11/07/03

    To: <fahroe@fahroe.com>, <secureshell@securityfocus.com>
    Date: Fri, 7 Nov 2003 19:41:32 +0100
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    On Friday 07 November 2003 04:01, Fahroe Ibrahim wrote:
    > Hi there,
    >
    > I would like to know if it is possible to restrict user from doing
    > SCP2/SFTP to a server, but still allowing him to do SSH to the same server.
    > If it is, where can I configure it?

    Hi!

    I don't know whether it is possible to configure that through the config-files
    of ssh, but I think I could have another solution for you. You could do
    something like this:

    1) Change the access permissions of scp and sftp:

            root # chmod o-x /usr/bin/sftp /usr/bin/scp

       This would prevent regular users from executing these two commands.

    2) In case you would like to allow specific users to use scp, you could just
    add a new group and put the privileged users into that group, e.g. susers.

            root # groupadd susers
            root # chown root:susers /usr/bin/sftp /usr/bin/scp
            root # chmod o-x /usr/bin/sftp /usr/bin/scp

    hth
    - --

    - --------------------------------------------------------------
    WU Fei Liang Computer & Media Security
                                    University of Applied Sciences
                                           4232 Hagenberg, Austria

    [ Mail ] wu_fei_liang@cms.ac

    [ Public-Key ]
    http://pgp.mit.edu:11371/pks/lookup?search=0xC5633638&op=index
    - --------------------------------------------------------------
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.3 (GNU/Linux)

    iD8DBQE/q+dcuoi2rcVjNjgRAtQWAJ4ijlb6UFHXyRacl0C6Ka6+UeWNbACfQ2bw
    i8VsGykkK0yyYlVn82VsHSE=
    =LXGP
    -----END PGP SIGNATURE-----
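
An added example, not part of the original message: a shell audit that confirms the ownership and mode changes from steps 1 and 2 are actually in place on the server. The function names are hypothetical; `susers` and the two paths are the ones used in the message, and the `stat` fallbacks assume GNU or BSD `stat`.

```shell
#!/bin/sh
# Added example (not from the original message): audit the scp/sftp
# permission scheme described above. Function names are hypothetical.

# Portable stat helpers: try GNU coreutils syntax first, then BSD.
mode_of()  { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }
owner_of() { stat -c '%U' "$1" 2>/dev/null || stat -f '%Su' "$1"; }
group_of() { stat -c '%G' "$1" 2>/dev/null || stat -f '%Sg' "$1"; }

# check_restricted FILE GROUP [OWNER]
# Returns 0 when FILE matches the scheme, 1 otherwise; prints each finding.
check_restricted() {
    file=$1 want_group=$2 want_owner=${3:-root} rc=0
    [ -f "$file" ] || { echo "$file: not a regular file"; return 1; }
    mode=$(mode_of "$file")
    bits=$((0$mode))    # parse the octal mode string, e.g. 750

    [ $((bits & 0001)) -eq 0 ] ||
        { echo "$file: others can still execute ($mode)"; rc=1; }
    [ $((bits & 0002)) -eq 0 ] ||
        { echo "$file: world-writable ($mode)"; rc=1; }
    [ $((bits & 0010)) -ne 0 ] ||
        { echo "$file: group $want_group cannot execute ($mode)"; rc=1; }
    [ "$(group_of "$file")" = "$want_group" ] ||
        { echo "$file: group is $(group_of "$file"), expected $want_group"; rc=1; }
    [ "$(owner_of "$file")" = "$want_owner" ] ||
        { echo "$file: owner is $(owner_of "$file"), expected $want_owner"; rc=1; }
    [ "$rc" -ne 0 ] || echo "$file: ok ($mode $want_owner:$want_group)"
    return "$rc"
}

# audit_all GROUP OWNER FILE...
# Checks every file and returns 1 if any one of them fails.
audit_all() {
    group=$1 owner=$2 failed=0
    shift 2
    for path in "$@"; do
        check_restricted "$path" "$group" "$owner" || failed=1
    done
    return "$failed"
}

# Typical use on the server, as root:
#   audit_all susers root /usr/bin/sftp /usr/bin/scp
```

Pass the paths your SSH server actually executes for file transfer. For SFTP that is the program named on the `Subsystem sftp` line of `sshd_config`, which is an assumption about your setup and not something the message states.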

