Gar,
>> Can you contact me (on or off list) regarding how you do this and what
> limited shell technique or software you use, please?
>
Box is set to accept requests from ssh protocol 2 clients only. Profile
for each user account is customised to, on login, automatically run
passwd, to allow users to manage their passwords, and then deliver them
to a restricted bash shell that doesn't allow any commands to be run
from the command line. Effectively there's no point in logging in except
to set passwd.
Otherwise connect via sftp client. Users can upload, download and
delete. Openssh configured to disable chown/chmod (we set default umask
on our end) so we don't let users set their own permissions either (they
showed an unfortunate tendency toward installing things with world write!)
Does this help?
Maria
--
Maria Fogarty,
Web Administrator,
Information Systems Services,
Trinity College Dublin.
Tel: 01 8963640
Email: webmaster at tcd.ie
Please note that electronic mail to, from, or within the
College may be the subject of a request under the Freedom
of information Act.
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
