[scponly] scponly 3.1

Andrew Chadwick andrewc at piffle.org
Thu Sep 12 13:46:46 EDT 2002


Hello all.

On Wed, Sep 11, 2002 at 02:15:05PM -0400, David N. Blank-Edelman wrote:
> On Wed, 11 Sep 2002, joe wrote:
> > 	- rsync support.  i added a configure script option that allows
> > someone to include "rsync" in the list of acceptable scponly commands.
> > the default is not to do this.  i will probably add cvs too, as it also
> > allows a ssh tunnel for transfers.
> 
> Cool idea. Can I make a request? Can you either make this extensible (i.e
> so a user can just add to the list of paths that can be called) or barring
> that also add the same support for a tool called unison?

Hmm - unison, rsync, cvs(!) - that's quite a lot for the paranoid
sysadmin to worry about.

I'm working on a Debian package of scponly
(http://swift.piffle.org/~andrewc/debian/, I hope to update the package
to cover scponly-3.x this afternoon).

Speaking as a packager (and paranoid sysadmin), it would be nicest if
the program were to, yes, incorporate support for more than just the
basic sftp-scp-and-ls binaries, but to be forced as root to add explicit
permissions for certain users to use exotic stuff like rsync or cvs.

It should be root making the decision about who to let do stuff, and
what. A config file in /etc/scponly or your local equivalent might
suffice.

-- 
Andrew Chadwick
http://www.piffle.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20020912/9fca6a2a/attachment.bin


More information about the scponly mailing list