Re: How do I set-up secure automated file push and pull?

From: Mark A. Hershberger (mah@everybody.org)
Date: 04/23/02


To: "Anupam" <frj780jdy85533001@sneakemail.com>
From: mah@everybody.org (Mark A. Hershberger)
Date: 23 Apr 2002 15:03:17 -0500


"Anupam" <frj780jdy85533001@sneakemail.com> writes:

> 3. SSH account
> Pros:
> + Account with shell as /usr/lib/rsh and PATH="" is equivalent to denying
> login to machine
> + Because of /usr/lib/rsh as account's shell, account will be unable to
> write to standard o+w directories such as /tmp.
> + Along with use of quota, one can limit the amount of data written to
> various file systems.
> Cons:
> - Difficult to restrict read access to rest of file system, all o+r files
> are readable remotely. Might be easier to set-up on Trusted Solaris or on
> Solaris 8 using RBAC (any input???)
> - To set-up automated SSH one must use client side 'certificates' (not
> really a con, but an issue)

> - Are there any options I am missing?

- You can chroot sshd
  (http://www.gnujobs.com/Articles/23/chroot.html#ssh)
  (http://mail.incredimail.com/howto/openssh/)
  (http://ssh.inet-one.com/dir.2000-09/msg00035.html)

- You can use the "command", "from", and "environment" in your
  .ssh/authorized_keys file to restrict what commands the client
  key can perform. (See sshd(8))

-- 
Find inner peace and ten thousand around you shall be saved.
		     -- St. Seraphim of Sarov
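
One way to apply the "command" and "from" options mentioned in the reply above to automated push and pull, as an added example that is not part of the original message. The script path, spool directory, push/pull request format, client host name and key text are all assumptions made for illustration.

```shell
#!/bin/sh
# Hypothetical forced-command gate, installed as /usr/local/bin/xfer-gate.
# authorized_keys entry for the automation key (one line, placeholder key):
#   from="client.example.com",command="/usr/local/bin/xfer-gate",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAA...PLACEHOLDER xfer
# sshd runs this script instead of the client's command and passes the
# client's request in SSH_ORIGINAL_COMMAND.
LC_ALL=C; export LC_ALL                  # make the A-Z ranges below byte-wise
SPOOL="${XFER_SPOOL:-/var/spool/xfer}"   # assumed spool with in/ and out/

# Accept only "push NAME" or "pull NAME"; print the normalized request.
parse_request() {
    set -f                # no glob expansion while splitting the request
    set -- $1
    set +f
    [ "$#" -eq 2 ] || return 1
    case "$1" in
        push|pull) ;;
        *) return 1 ;;
    esac
    case "$2" in          # reject empty names, dotfiles, "/", shell metacharacters
        ''|.*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    printf '%s %s\n' "$1" "$2"
}

handle() {
    req=$(parse_request "$1") || { echo "request denied" >&2; return 1; }
    verb=${req% *}
    name=${req#* }
    case "$verb" in
        push)             # stdin -> in/NAME, written via a temp file
            umask 077
            cat > "$SPOOL/in/.$name.$$" &&
                mv "$SPOOL/in/.$name.$$" "$SPOOL/in/$name" ;;
        pull)             # out/NAME -> stdout
            cat "$SPOOL/out/$name" ;;
    esac
}

# Act only when sshd supplied a request; a bare login gets nothing.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    handle "$SSH_ORIGINAL_COMMAND"
    exit $?
fi
```

With this entry in place the client side is `ssh user@server push nightly.tar < nightly.tar` or `ssh user@server pull report.csv > report.csv`; any other request, or one arriving from a host not matched by `from`, is refused.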


