[scponly] V 4.0 allows ssh ??

wby oblyr joe at sublimation.org
Fri Dec 17 13:14:53 EST 2004


It is worth mentioning that scp does not operate without ssh.  If one were to disable ssh completely, 
scponly would not function.  ssh is just the transport for commands like "scp".

for some of these commands, i believe it is misleading to restrict things like directory creation,
renaming files, copying files, overwriting files, et cetera - all these things can be accomplished with
just the "scp"  binary anyway.

there are still other commands, however. "chmod", "chgrp", "ls" and "rm" are the things i would consider
for compile time configuration.

joe

Terry Gliedt wrote this message on Fri, Dec 17, 2004 at 08:12 -0500:
> wby oblyr wrote:
> >this is a documentation problem.
> >
> >in scp compatibility mode, scponly WILL allow certain file navigation 
> >functionality relating to file transfers.
> >
> >from the source:
> >
> >#ifdef ENABLE_SCP2
> >    { PROG_LS, 1 },
> >    { PROG_CHMOD, 1 },
> >    { PROG_CHOWN, 1 },
> >    { PROG_CHGRP, 1 },
> >    { PROG_MKDIR, 1 },
> >    { PROG_RMDIR, 1 },
> >    { PROG_SCP, 1 },
> >    { PROG_LN, 1 },
> >    { PROG_MV, 1 },
> >    { PROG_RM, 1 },
> >    { PROG_CD, 1 },
> >#endif /*ENABLE_SCP2*/
> >
> >those uppercase macro definitions are established by ./configure at 
> >compile time.
> >
> >the reasoning here was to allow sftp-ish functionality via scp.  listing 
> >and manipulating files and directories are all within the domain of 
> >scponly.
> >
> >i WILL correct the documentation so that people will not be surprised by 
> >this behaviour in the future.
> >
> >i may also make the configuration parameters more granular for this 
> >behaviour.  check back in 4.1 
> 
> If I may, I'd suggest you also add this as a configure switch (commands 
> or not). In my case I want ssh killed, scp only (as in the command). I 
> had not expected anything like this since I specified the --disable-sftp 
> option. Perhaps a --disable-ssh-completely option?
> 
> Thanks for the quick response!
> 
> >Terry Gliedt wrote this message on Thu, Dec 16, 2004 at 16:02 -0500:
> >
> >>On node 's', I fetched the latest code, compiled like this:
> >>
> >> make clean
> >> rm -f config.cache
> >> ./configure --disable-sftp --disable-winscp-compat \
> >>       --disable-gftp-compat --enable-rsync-compat
> >> make
> >> make install
> >>
> >>Added /usr/local/bin/scponly to /etc/shells. Added this user:
> >>
> >> usera:x:505:100:Example user:/home/usera:/usr/local/bin/scponly
> >>
> >>I tried various scp commands to 'usera at s' which behaved as expected. On 
> >>another machine I did
> >>
> >> ssh usera at s ls -la
> >>
> >>and got back the results of 'ls'.  I was pretty surprised. What have I 
> >>missed?
> >
> 
> 
> -- 
> =============================================================
> Terry Gliedt     tpg at umich.edu       http://www.hps.com/~tpg/
> Biostatistics, Univ of Michigan  Personal Email:  tpg at hps.com
> 

-- 
----

PGP KEY: http://www.sublimation.org/contact.html
PGP Key fingerprint = EC4B 0DA5 B4F6 BDDD 9176 55D6 3A6A 7D63 158F 22D2 
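
The compile-time gating discussed in this thread, as an added example that is not part of the original message and is not scponly's own code: a command allowlist in which the helper commands joe names (ls, chmod, chgrp, rm) sit behind one build switch while scp stays enabled. The macro ALLOW_FILE_HELPERS, the function command_allowed and the metacharacter check are assumptions made for the illustration.

```c
/* Added illustration; not taken from the scponly source tree. */
#include <stdio.h>
#include <string.h>

/* Hypothetical build switch: compile with -DALLOW_FILE_HELPERS=1 to permit
 * the helper commands named in the message (ls, chmod, chgrp, rm). */
#ifndef ALLOW_FILE_HELPERS
#define ALLOW_FILE_HELPERS 0
#endif

struct allowed_cmd { const char *name; int enabled; };

static const struct allowed_cmd allowlist[] = {
    { "scp",   1 },                  /* the transfer program itself */
    { "ls",    ALLOW_FILE_HELPERS },
    { "chmod", ALLOW_FILE_HELPERS },
    { "chgrp", ALLOW_FILE_HELPERS },
    { "rm",    ALLOW_FILE_HELPERS },
};

/* sshd hands the requested command to the login shell as one string
 * (shell -c "<request>"). Return 1 only if its first word is an enabled
 * entry and the string carries no shell metacharacters. */
int command_allowed(const char *request)
{
    size_t len = strcspn(request, " \t");
    size_t i;

    if (len == 0 || strpbrk(request, ";&|`$<>()\n") != NULL)
        return 0;
    for (i = 0; i < sizeof allowlist / sizeof allowlist[0]; i++) {
        if (allowlist[i].enabled && strlen(allowlist[i].name) == len &&
            strncmp(request, allowlist[i].name, len) == 0)
            return 1;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample requests, including the one from the report. */
    const char *samples[] = { "scp -t /home/usera/in", "ls -la",
                              "rm -rf old", "scp -t x; ls" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-24s %s\n", samples[i],
               command_allowed(samples[i]) ? "allowed" : "refused");
    return 0;
}
```

Built with the default setting, the "ssh usera at s ls -la" request from the report is refused while scp transfers still pass the check.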



