From: Frank Staals
To: Paul Halliday
Cc: questions@freebsd.org, "Randal L. Schwartz"
Subject: Re: Write only directory.
Date: Mon, 07 May 2012 22:18:14 +0200

Paul Halliday writes:

> On Mon, May 7, 2012 at 3:49 PM, Randal L. Schwartz
> wrote:
>>>>>>> "Paul" == Paul Halliday writes:
>>
>> Paul> Is it possible to let a user write to a directory but not access the
>> Paul> file after they write it?
>>
>> Paul> The file is being transferred via scp and after the transfer I don't
>> Paul> want them to be able to re-fetch or even get a directory listing.
>>
>> scp is via ssh. with ssh, they get a complete command line. how are
>> you going to prevent *that*?
>
> The user's shell is /bin/false
>
> and sshd is set up like:
>
> Match User a_user
>     ChrootDirectory %h
>     ForceCommand internal-sftp
>     AllowTcpForwarding no

There is also shells/scponly for this kind of thing. As for the file permissions question: not sure how to tackle that.

--
- Frank