[joe@sublimation.org: Re: [scponly] when do I, and when do I not, use the "/./" syntax ?]
Ensel Sharon
user at dhp.com
Tue Jan 24 00:49:33 EST 2006
On Tue, 20 Dec 2005, wby oblyr wrote:
> I think you guys mean the "//" syntax.
>
> And yes, I'm painfully aware of how inadequate the documentation is around this feature. Basically, the gist is this:
>
> Users of the scponlyc shell must not be able to modify their home directories, lest they be able to subvert the
> restricted shell by modifying things like ssh configuration. Many people complained that after logging into a
> scponly shell, they could not upload files, so the '//' thing was devised.
>
> imagine this home directory:
>
> /home/scponlyuser//incoming
>
> everything BEFORE the // is the chroot path (/home/scponlyuser) and everything after the // is a directory to
> chdir() into after chrooting. This way a user can log into their scponly shell and the following will happen:
>
> - scponlyc will chroot to /home/scponlyuser
> - scponlyc will then chdir to /incoming (inside the chroot), dropping the user into a directory they can upload
> to.

Sorry to respond to this so late, but I am still a bit unclear ... why not
give everyone the exact same home directory, such as:

/home

and by that, I mean, every scponly user has /home defined as their
home directory in the /etc/passwd file. They're all the same.

Then when setting up the scponly chroot, tell scponly chroot that their
writeable directory is /home/(username)

So that way, they get a home directory that is just like a normal home
directory (/home/(username) )

and you don't need to do the /some/path//other/path thing ...

Is there some major downside to having all scponly users all have the
exact same home directory (that they cannot write to) in /etc/passwd ?

I tried it and it seemed to work, and I would like
comments/suggestions/ridicule if you please ...
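
Added example, not part of the original message and not scponly's own code: a sketch of the split the quoted explanation describes, where everything before the "//" is the chroot path and everything after it is the directory to chdir() into. The function name `split_home`, the sample home fields, and the behaviour when no "//" is present are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not scponly's code: split a passwd home field at the
 * first "//" into the chroot path and the directory to chdir() into once
 * chrooted. Returns 0 on success, -1 on bad input or too-small buffers. */
int split_home(const char *home, char *root, size_t rootsz,
               char *cwd, size_t cwdsz)
{
    if (home == NULL || home[0] != '/')
        return -1;                          /* require an absolute path */

    const char *sep = strstr(home, "//");
    size_t rootlen = sep ? (size_t)(sep - home) : strlen(home);
    /* Skip every slash of the separator; the rest is relative to the new root.
     * Assumption: with no "//" the working directory is the chroot root. */
    const char *rest = sep ? sep + strspn(sep, "/") : "";

    if (rootlen == 0 || rootlen >= rootsz || strlen(rest) + 2 > cwdsz)
        return -1;                          /* empty chroot path or overflow */

    memcpy(root, home, rootlen);
    root[rootlen] = '\0';
    snprintf(cwd, cwdsz, "/%s", rest);      /* path as seen inside the chroot */
    return 0;
}

int main(void)
{
    /* Constructed sample home fields; the first is the one from the thread. */
    const char *samples[] = {
        "/home/scponlyuser//incoming",
        "/home/scponlyuser",
        "/home/scponlyuser//",
        "//incoming",
    };
    char root[256], cwd[256];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (split_home(samples[i], root, sizeof root, cwd, sizeof cwd) == 0)
            printf("%-30s chroot=%s chdir=%s\n", samples[i], root, cwd);
        else
            printf("%-30s rejected\n", samples[i]);
    }
    return 0;
}
```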