
Bug#160702: ITP: rssh -- a restricted shell allowing only scp and/or sftp



On Fri, Sep 13, 2002 at 02:55:19PM +0200, Erich Schubert wrote:
> >  rssh is a restricted shell to be used as a substitute of the login
> >  shell to allow users to perform only scp/sftp operations.
> >  .
> >  The security implications are high, so the home directories have
> >  to be set following the instructions provided by the author.
> 
> Is it possible to "chroot" the user into his own directory as well?
> I've configured my ftp server to chroot to ~, and I'd like to give users
> the possibility of using sftp or scp, but without giving them shell
> access - and preferably with them limited to the same directory...

No. rssh is just a wrapper in C for use as a substitute of the shell
itself. It restricts the command you can issue remotely, like scp and
sftp-server, and the flags and arguments you pass to them.

chroot is being investigated by its author, but not implemented.

In order for chroot to work, you would need to put the scp static
binary inside the jail, and all the necessary libs.

Only if scp/sftp-server themselves could chroot, the implementation
would be rather easy.

I have not investigated the latter implementation, if possible.

> Does this work with "winscp"? winscp seems to be somehow broken; afaik
> it needs bash and doesn't work with tcsh...
> Guess it requires some special "ls" format or something like that.

Dunno. I found scponly which has the compatibility, but the ITP bug has
been without any entry for some time...

Maybe I will pack it for myself and provide it until the ITP owner
decides what to do.

J

-- 
Jesus Climent | Unix System Admin | Helsinki, Finland.
web: www.hispalinux.es/~data/  |  pumuki.hispalinux.es
------------------------------------------------------
Please, encrypt mail sent to me:   GnuPG ID:  86946D69
FP: BB64 2339 1CAA 7064 E429  7E18 66FC 1D7F 8694 6D69
------------------------------------------------------
Registered Linux user #66350 Debian 3.0 & Linux 2.4.20

Bates Motel... 12 rooms, 12 vacancies.
		--Norman Bates (Psycho)
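
The kind of login-shell wrapper the message describes, as an added example that is not part of the original message and is not rssh's own code: sshd runs the account's shell as `<shell> -c "<command>"`, and the wrapper executes only scp in remote mode or sftp-server, directly and without a shell. The binary paths, the permitted scp flag set and the name `parse_restricted` are assumptions made for this sketch.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#define MAX_ARGS 16
/* Assumed install paths; adjust to the local system. */
static char SCP_PATH[]  = "/usr/bin/scp";
static char SFTP_PATH[] = "/usr/lib/openssh/sftp-server";
/* Conservative character set: no quotes, globs, pipes, ';', '$' or '`'. */
static const char SAFE[] = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
                           "0123456789/._- ";

/* Split cmd into argv (stored in buf); return argc, or -1 if refused. */
int parse_restricted(const char *cmd, char *buf, size_t buflen, char *argv[])
{
    int argc = 0;
    if (strlen(cmd) >= buflen || strspn(cmd, SAFE) != strlen(cmd)) return -1;
    strcpy(buf, cmd);
    for (char *tok = strtok(buf, " "); tok; tok = strtok(NULL, " ")) {
        if (argc == MAX_ARGS) return -1;
        argv[argc++] = tok;
    }
    argv[argc] = NULL;
    if (argc == 0) return -1;
    /* sftp subsystem: exact path, no arguments. */
    if (strcmp(argv[0], SFTP_PATH) == 0) return argc == 1 ? 1 : -1;
    if (strcmp(argv[0], "scp") != 0) return -1;
    int remote_mode = 0;
    for (int i = 1; i < argc; i++) {
        if (argv[i][0] != '-') continue;              /* path operand */
        /* Every dash argument, wherever it appears, must use known flags. */
        if (!argv[i][1] || strspn(argv[i] + 1, "tfrpdv") != strlen(argv[i] + 1))
            return -1;
        if (strpbrk(argv[i], "tf")) remote_mode = 1;  /* -t (sink) or -f (source) */
    }
    if (!remote_mode) return -1;
    argv[0] = SCP_PATH;                               /* never resolved via PATH */
    return argc;
}

int main(int argc, char *argv[])
{
    char buf[1024], *args[MAX_ARGS + 1];
    /* sshd runs the login shell as: <shell> -c "<command>" */
    if (argc != 3 || strcmp(argv[1], "-c") != 0 ||
        parse_restricted(argv[2], buf, sizeof buf, args) < 0) {
        fputs("This account is restricted to scp and sftp.\n", stderr);
        return 1;
    }
    execv(args[0], args);  /* direct exec: no shell interprets the command */
    perror("execv");
    return 1;
}
```

File names containing spaces or characters outside the allowed set are refused by this sketch, which errs on the side of rejecting input.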
