[scponly] Suggestion for new option: disable-recursion - And why this could be useful
Robert Hoffmann
hoffmann at cbio.mskcc.org
Wed Jan 20 10:49:33 EST 2010
Hi,
I would like to suggest a new option for configuration:
--disable-recursion
The objective would be to disable scp -r (and equivalent for other commands).
Why could this be useful?
I have setup ONE rootjail user account for scponly. Only clients with a qualified public key may scp to that account. All clients use the same account.
Some data in that account is of interest to all clients, but there will also be folders with long random names, which only a subset of the clients knows about.
This setup is supposed to prevent sneaking among clients. It is not intended to be top security separation, but I believe it could actually be quite efficient.
For my personal use, I have patched scponly.c to add the 'bad' options, but I thought it could be of general interest or use.
Btw, scponly rocks!
Best wishes,
Robert
More information about the scponly
mailing list