From: Paul Halliday
To: "Randal L. Schwartz"
Cc: questions@freebsd.org
Date: Mon, 7 May 2012 15:53:09 -0300
Subject: Re: Write only directory.

On Mon, May 7, 2012 at 3:49 PM, Randal L. Schwartz wrote:
>>>>>> "Paul" == Paul Halliday writes:
>
> Paul> Is it possible to let a user write to a directory but not access the
> Paul> file after they write it?
>
> Paul> The file is being transferred via scp and after the transfer I don't
> Paul> want them to be able to re-fetch or even get a directory listing.
>
> scp is via ssh.  with ssh, they get a complete command line.  how are
> you going to prevent *that*?

The user's shell is /bin/false and sshd is set up like:

Match User a_user
    ChrootDirectory %h
    ForceCommand internal-sftp
    AllowTcpForwarding no