From: "Nicolas"
To: "Nicolai L. Brown", "Bill Paul"
Subject: Re: scp only
Date: Sat, 9 Dec 2000 23:06:44 +0100
Message-ID: <005201c0622c$93aff800$0364000a@rachinsky.de>
References: <20001208202307.0CE0E37B401@hub.freebsd.org>
Sender: owner-freebsd-questions@FreeBSD.ORG

I'm sorry, but none of your solutions works.

/bin/false as shell denies any access via ssh (including scp).
~/.login containing logout could be circumvented by starting another
command (e.g. /bin/sh) via ssh.

Nicolas

----- Original Message -----
From: "Bill Paul"
To: "Nicolai L. Brown"
Sent: Friday, December 08, 2000 9:23 PM
Subject: Re: scp only

> >
> > On Fri, 8 Dec 2000, Nicolas wrote:
> >
> > > Hello,
> > >
> > > I want to let a user upload files via scp to one of my machines, but I
> > > don't want to give him the possibility to log in or start any programs
> > > except scp. Is there any easy way to achieve this? I can't find such
> > > an option in the ssh docs. Thanks in advance..
> >
> > You might try giving them a csh shell, and a ~/.login file containing the
> > word "logout", and owned root:wheel. Also, chown their .cshrc and .tcshrc
> > files to root:wheel, so they cannot overwrite those with their own via
> > scp.
> >
> > Don't know if this is the best solution, but it will work.
>
> No it won't, monkeyboy. Even though the user doesn't have write access
> to the files, he still owns the directory in which they reside. All
> he has to do is FTP in and delete or rename them. Chown'ing the user's
> home directory would prevent this, but it might screw up other things.
>
> I would set the user's shell to /bin/false instead. I'm not sure
> how sshd will react to this though.
>
> -Bill
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
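
Added example, not part of the original thread and not written by any of its posters: one way to get the behaviour asked for is a login shell that accepts only scp's upload (sink) invocation and refuses everything else, including `ssh host /bin/sh`. It assumes sshd starts the account's shell as `shell -c "command"` and that the client uses the legacy scp protocol (`scp -t <path>` on the server side); the function names and the `SCP_BIN` path are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread: a login shell that permits scp uploads only.
# Assumptions: sshd runs the account's shell as `<shell> -c "<command>"`, and a
# legacy-protocol upload reaches the server as `scp [-r] [-p] [-d] [-v] -t <path>`.
SCP_BIN=${SCP_BIN:-/usr/bin/scp}   # hypothetical path to the real scp binary

# Return 0 only if $1 is a plain "scp ... -t <path>" upload request.
scp_upload_allowed() {
    cmd=$1
    # Refuse anything outside a conservative character set, so shell
    # metacharacters (; | & $ ` quotes, newlines, globs) are never parsed.
    case $cmd in
        ''|*[!A-Za-z0-9\ ._/-]*) return 1 ;;
    esac
    set -f; set -- $cmd; set +f    # split on whitespace only: no globbing, no eval
    [ "$1" = scp ] || return 1
    shift
    sink=0
    while [ $# -gt 1 ]; do
        case $1 in
            -t) sink=1 ;;          # sink mode: the server side receives files
            -r|-p|-d|-v) ;;        # modifiers that do not change the direction
            *) return 1 ;;         # -f (download) and any other option or word
        esac
        shift
    done
    [ "$sink" -eq 1 ] || return 1
    case $1 in -*) return 1 ;; esac   # last word must be a path, not an option
    return 0
}

# Entry point when this script is installed as the account's shell.
restricted_shell_main() {
    if [ "$1" = -c ] && scp_upload_allowed "$2"; then
        set -f; set -- $2; set +f
        shift                      # drop the word "scp"
        exec "$SCP_BIN" "$@"       # run the real scp directly, never via a shell
    fi
    echo "This account accepts scp uploads only." >&2
    return 1
}

# An interactive login passes no arguments, falls off the end and is closed.
if [ $# -gt 0 ]; then restricted_shell_main "$@"; exit 1; fi
```

Ordinary file permissions still decide where an accepted upload may be written; the wrapper only limits which command the account can run.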