[scponly] scponly 3.1

David N. Blank-Edelman dnb at ccs.neu.edu
Thu Sep 12 15:13:30 EDT 2002


On Thu, 12 Sep 2002, Andrew Chadwick wrote:

> Hmm - unison, rsync, cvs(!) - that's quite a lot for the paranoid
> sysadmin to worry about.

Andrew has a very good point here. Basically we're starting to get
into the business of making a more complex restricted shell (rsh or
remsh anyone?) here. I'm not clear if that is a good thing. Let me
make it even more complex:

> Speaking as a packager (and paranoid sysadmin), it would be nicest if
> the program were to, yes, incorporate support for more than just the
> basic sftp-scp-and-ls binaries, but to be forced as root to add explicit
> permissions for certain users to use exotic stuff like rsync or cvs.

If scponly does allow user-based permissions, I would actually prefer to
be able to add explicit permissions for certain _sets_ or classes of users
(not explicit usernames).  For example, it would be really useful to us to
able to use netgroups to do this.

> It should be root making the decision about who to let do stuff, and
> what. A config file in /etc/scponly or your local equivalent might
> suffice.

Agreed. Perhaps one model for this worth studying (or ripping off code
from) is the sudo package (http://www.courtesan.com/sudo/sudo.html) and
how their config files work.  Note: I'm content with compile-time
per-program choices (but I certainly see your quandry and would support
config files as well).

Now, all of that being said, I hope scponly sticks as close to "the
simpler, the better" philosophy as possible. I think that is going to be
hard. Joe, do you feel like weighing in on where you want to go with
your baby?

   -- dNb





More information about the scponly mailing list