Date:      Wed, 26 May 2010 09:27:19 +0100
From:      "Matthew Law" <matt@webcontracts.co.uk>
To:        "Matthew Seaman" <m.seaman@infracaninophile.co.uk>
Cc:        "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject:   Re: chroot scp only network storage?
Message-ID:  <fa3f469bb91446d2a902df1495e41d59.squirrel@www.webcontracts.co.uk>
In-Reply-To: <4BFC49C6.2020709@infracaninophile.co.uk>
References:  <933e7d04f535bbe649f089f9deb60284.squirrel@www.webcontracts.co.uk> <4BFC49C6.2020709@infracaninophile.co.uk>


On Tue, May 25, 2010 11:05 pm, Matthew Seaman wrote:
> Check out the security/openssh-portable port which has options to enable
> chroot'ing.  You should be able to configure the account to only be able
> to use scp(1) or sftp(1) by editing sshd_config or by using forced
> commands in the user authorized_keys files.

This sounds pretty close to what I want.  I don't want the user to be able
to get a shell on the box but do want to allow them to run a small subset
of useful commands over ssh such as 'ls' and of course scp files to and
from it.

> Another alternative is WebDAV.  Run it over HTTPS for security, and use
> the standard Apache authn/authz controls to give each user access to
> only their own area.  In principle your users can mount their WebDAV
> areas as networked filesystems on their desktops.  In practice, this
> works fine with MacOS X, is horribly buggy under Windows, needs quite a
> lot of effort to make work on Linux, and I don't think it's actually
> available at all on FreeBSD.  However, commandline clients like cadaver
> will work fine on anything Unixy.

I've had problems with exactly this before on Linux.  I only need to allow
Linux, FreeBSD and Solaris users access to this resource so will persevere
with something SSH-based I think.


Thanks,

Matt.
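
The forced-command approach discussed in this message, as an added example that is not part of the original e-mail: a POSIX sh wrapper that permits only `ls` and server-side `scp` with relative paths. The script path, the option allowlist and the relative-path rule are assumptions; confinement to the user's own area still depends on the chroot or on file permissions.

```shell
#!/bin/sh
# Added example: wrapper named in an authorized_keys forced command, e.g.
#   command="/usr/local/libexec/ssh-restrict",no-pty,no-port-forwarding <key>
# (the script path is hypothetical). sshd passes the client's requested
# command line in SSH_ORIGINAL_COMMAND. Assumes the legacy scp protocol, where
# the client asks the server to run "scp -t" (receive) or "scp -f" (send).
LC_ALL=C; PATH=/bin:/usr/bin; export LC_ALL PATH

# Return 0 if the requested command line is permitted, 1 otherwise.
check_command() {
    cmd=$1
    case $cmd in
        '') return 1 ;;                      # no command: interactive login
        *[!A-Za-z0-9\ ._/-]*) return 1 ;;    # rejects ; | & $ quotes, globs, newlines
        *..*) return 1 ;;                    # no parent-directory traversal
    esac
    set -f; set -- $cmd; set +f              # split on blanks without globbing
    [ "$#" -ge 1 ] || return 1
    prog=$1; shift; mode=0
    case $prog in
        ls)
            for arg in "$@"; do
                case $arg in /*) return 1 ;; esac    # relative paths only
            done ;;
        scp)
            [ "$#" -ge 2 ] || return 1
            while [ "$#" -gt 1 ]; do
                case $1 in
                    -t|-f) mode=$((mode + 1)) ;;
                    -r|-p|-d|-v) ;;
                    *) return 1 ;;           # any other option is refused
                esac
                shift
            done
            [ "$mode" -eq 1 ] || return 1    # exactly one of -t / -f
            case $1 in -*|/*) return 1 ;; esac ;;   # last word: relative path
        *) return 1 ;;
    esac
    return 0
}

# Under sshd (which sets SSH_CONNECTION) run the request or refuse it.
if [ -n "${SSH_CONNECTION:-}" ]; then
    if check_command "${SSH_ORIGINAL_COMMAND:-}"; then
        set -f
        exec $SSH_ORIGINAL_COMMAND           # safe to split: charset checked above
    fi
    echo "command not permitted" >&2
    exit 1
fi
```

Outside an sshd session the file only defines `check_command`, so the allowlist can be exercised against sample command lines before the key entry is deployed.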



