From: Balázs Mátéffy
Sender: repcsike@gmail.com
To: freebsd-questions@freebsd.org
Date: Wed, 26 May 2010 00:23:29 +0200
Subject: Re: chroot scp only network storage?

Hello,

Try /usr/ports/shells/scponly . Look up the features, this way you can
assign the restrictive scponly shell to the users:

http://sublimation.org/scponly/wiki/index.php/Main_Page

Best Regards:

Balázs Mátéffy

On 26 May 2010 00:05, Matthew Seaman wrote:

> On 25/05/2010 22:29:57, Matthew Law wrote:
> >
> > I want to provide some users with secure network attached storage over
> > SCP. The intent is to provide people with a similar thing to, e.g.
> > rsync.net but inside of our network only.
> >
> > Security is obviously a priority so I would like each user to be chrooted
> > into their allocated directory and allow them only to execute a small set
> > of commands.
>
> Checkout the security/openssh-portable port which has options to enable
> chroot'ing. You should be able to configure the account to only be able
> to use scp(1) or sftp(1) by editing sshd_config or by using forced
> commands in the user authorized_keys files.
>
> > I have come across scponly before. Is this the best way of achieving this
> > with FreeBSD or is there some other better way?
>
> Another alternative is WebDAV. Run it over HTTPS for security, and use
> the standard Apache authn/authz controls to give each user access to
> only their own area. In principle your users can mount their WebDAV
> areas as networked filesystems on their desktops. In practice, this
> works fine with MacOS X, is horribly buggy under Windows, needs quite a
> lot of effort to make work on Linux, and I don't think it's actually
> available at all on FreeBSD. However, commandline clients like cadaver
> will work fine on anything Unixy.
>
> Cheers
>
> Matthew
>
> --
> Dr Matthew J Seaman MA, D.Phil.
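
A sketch of the sshd_config approach mentioned in the quoted reply, added here as an example and not taken from the thread. The group name sftponly and the /storage/%u layout are assumptions; it restricts users to SFTP rather than scp so that the chroot needs no shell or binaries inside it.

```conf
# sshd_config fragment (added example; group name and paths are assumptions)

# Serve SFTP from inside sshd itself, so nothing has to be installed
# inside each user's chroot.
Subsystem sftp internal-sftp

# Applies only to accounts in the (assumed) group "sftponly".
Match Group sftponly
    # %u expands to the login name. sshd requires every component of this
    # path to be owned by root and not writable by group or others, and
    # refuses the session otherwise.
    ChrootDirectory /storage/%u

    # Ignore whatever command the client requests and always run the
    # SFTP server, so no shell is ever started.
    ForceCommand internal-sftp

    # Close the usual side channels of an SSH account.
    AllowTcpForwarding no
    X11Forwarding no
    PermitTunnel no

# Because /storage/<user> itself must be root-owned, uploads go into a
# subdirectory owned by the user, for example /storage/<user>/files
# (directory name is an assumption).
```

Running `sshd -t` after editing checks the file for syntax errors before the daemon is reloaded.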