Somebody on the secureshell list suggested this...
> Can anyone tell me if it's possible to run the sftp subsystem, but
disallow
> interactive logins?
http://www.snailbook.com/faq/restricted-scp.auto.html
Someone else said...
>> Give sftp-server as the users shell.
More generally, I think you can use a restricted shell that accepts
commands to run via the -c argument, like standard shells, but
will only run a few selected commands, like say, sftp-server and ls
The sendmail restricted shell "smrsh" might be adapted for this
porpose, or you could write a perl script (be careful about shell
metacharacters, and pass lists to system or exec, not strings.)
Conor
--
Conor Daly <conor.daly at oceanfree.net>
Domestic Sysadmin :-)
---------------------
Faenor.cod.ie
5:01pm up 24 days, 22:40, 1 user, load average: 0.19, 0.05, 0.01
Hobbiton.cod.ie
4:09pm up 23 days, 6:36, 2 users, load average: 0.05, 0.06, 0.07
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
