[scponly] scponly and arbitrary commands
Alan Evans
alanwevans at gmail.com
Tue Sep 7 19:19:25 EDT 2010
Kaleb,
Thank you for your help so far. It is greatly appreciated.
Perhaps then you can suggest a way around our current problem. I need to
allow select shared user accounts to use scp/sftp only via SSH but, other
named users to be able to sudo and get a shell for that shared user.
ssh shared at host should fail
sftp shared at host should succeed
scp shared at host:file ./file should succeed
ssh alan at host
#then
[alan at host ~]$ sudo -u shared -s should succeed
[shared at host ~]$
As of now the sudo -u command gives me a /usr/bin/scponly shell and since
*I* am not an SFTP client I am not getting very far... :)
I have tried some /etc/profile and /etc/profile.d/ magic but am not having
any success, nor are those ideal solutions.
We are using RHEL4 and RHEL5 so the niceness of Match blocks in sshd_config
are not an option.
I am stumped at the moment. Any help or thoughts would be appreciated.
Regards,
-Alan
-------------- next part --------------
HTML attachment scrubbed and removed
More information about the scponly
mailing list