Check out this URL:
http://mail.incredimail.com/howto/openssh/
It will allow you to use the magic './' notation for a user's home directory to chroot that user to the directory specified.
Brian
On 4-Nov-04, at 2:06 AM, Dario Lesca wrote:
... for a single user. I must only allow the download/upload of files with scp or sftp-server.
Now I use this script (*) as the shell command of the user, but I do not know how to chroot the sftp-server command ....
Any suggestions?
Many thanks
(*)
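[lesca@lesca ssh-chroot]$ cat onlyscp.sh
#!/bin/bash
# Shell that allows only scp <d${DOT}lesca${AT}solinos.it>
# useradd -s /usr/local/bin/onlyscp.sh scpuser

#echo "par: $1|$2|$3|$4|$5" > /dev/pts/0 2>&1

CHROOT=/var/tmp

DOWNL=yes
UPLOAD=yes
SFTP=no

# The leading 'echo' makes the script print these commands instead of running them
SCP_CMD="echo /usr/bin/scp"
SFTP_CMD="echo /usr/libexec/openssh/sftp-server"

# If it exists, load the local configuration
test -f /etc/onlyscp.conf && source /etc/onlyscp.conf

# Stop if the directory is missing instead of serving files from the wrong place
cd "$CHROOT" || exit 1

# sshd starts the login shell as: <shell> -c "<command>"
case "$DOWNL:$UPLOAD:$SFTP:$@" in
yes:*:*:-c\ scp\ -f\ *)
    # Download: strip the command prefix, make the path relative, rewrite "../"
    f=$(echo "$@"|sed -e 's|^-c scp -f ||')
    f=$(echo "./$f"|sed -e 's|\.\./|::/|g')
    # eval re-parses $f, so shell metacharacters in the requested path are interpreted
    eval "$SCP_CMD -f $f"
    ;;
*:yes:*:-c\ scp\ -t\ *)
    # Upload: same path handling as for download
    f=$(echo "$@"|sed -e 's|^-c scp -t ||')
    f=$(echo "./$f"|sed -e 's|\.\./|::/|g')
    eval "$SCP_CMD -t $f"
    ;;
*:*:yes:-c\ */sftp-server)
    eval "$SFTP_CMD"
    ;;
*:*:*:-c\ ls*)
    # The pattern needs the three flag fields in front, otherwise it never matches
    (find * -type f |xargs ls -lad) 1>&2
    ;;
*)
    (
    echo "Operazione Non Supportata"
    echo "Comandi ammessi: scp from & to + ls"
    sleep 2
    echo -e "Premi un tasto x uscire\c"
    )1>&2
    read -t 3 a
    exit 3
    ;;
esac

exit 0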
----[cut]-----
--
Dario Lesca <d.lesca@xxxxxxxxxx>
Brian Richardson Software Developer Public Key available at http://www.cubik.ca/
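
Added example, not part of the original messages or of the posted script: a stricter way to validate the command string that sshd hands to a restricted login shell, using an allowlist and refusing ".." outright instead of rewriting the path and passing it to eval. The function names and the exact character allowlist are assumptions made for this illustration.

```bash
#!/bin/bash
# Added example (hypothetical helper names): allowlist validation of the
# "<command>" part of `-c "<command>"` for an scp-only login shell.

# Print "./<path>" and return 0 if the path is acceptable, else return 1.
safe_relpath() {
    local LC_ALL=C            # make the bracket ranges below byte-exact
    local p=$1
    p=${p#/}                  # drop one leading '/'; result is prefixed with './' anyway
    [ -n "$p" ] || return 1   # refuse an empty path
    # Allowlist: letters, digits, '.', '_', '-', '/'. Spaces, quotes, ';',
    # '$', backticks, '|', '&', globs and newlines are all refused.
    case $p in
        *[!A-Za-z0-9._/-]*) return 1 ;;
    esac
    # Refuse any '..' component rather than rewriting it.
    case "/$p/" in
        */../*) return 1 ;;
    esac
    printf '%s\n' "./$p"
}

# Print "download <path>" or "upload <path>" for an allowed request,
# return 1 for anything else (including sftp-server and interactive use).
classify_request() {
    local cmd=$1 mode path
    case $cmd in
        "scp -f "*) mode=download; path=${cmd#scp -f } ;;
        "scp -t "*) mode=upload;   path=${cmd#scp -t } ;;
        *) return 1 ;;
    esac
    path=$(safe_relpath "$path") || return 1
    printf '%s %s\n' "$mode" "$path"
}

# Intended use in the wrapper (assumption): after a successful classification,
# run scp with the validated path as one quoted argument and no eval, e.g.
#   /usr/bin/scp -f "$path"
```

Because the validated path contains no whitespace or shell metacharacters, the wrapper can pass it as a single quoted argument, which removes the need for eval.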