Restricting rsync over ssh
Dmitry V. Levin
ldv at altlinux.org
Tue Dec 28 16:12:14 GMT 2004
Hi,
On Tue, Dec 28, 2004 at 04:53:45PM +0100, Bob wrote:
> I have very special needs and i wanted to use rsync over ssh. I don't
> know if a solution already exists for what i want to do. I want to
> provide rsync over ssh to my users. Howevern i want to have the
> following limitations :
> 1. No shell access
> 2. Limitting users to their home directories
>
> I was thinking to the folowing solution, but i don't know if it is
> secure enough :
> Create a dummy-shell sor ssh login that only allow the rsync --server
> --sender command. Then i get the path of the wanted files, and i appened
> it to the home directory of the user. Ex : the user requests /test, i
> give him : /home/usrname/test
> Then i uses the realpath function to canonicalize the path and i check
> that it really begins with /home/usrname to prevent users from getting
> files outside of their home directory.
> I execute the rsync command with the new built path...
>
> I think this should work but i would like to know what do you think
> about security.
Use chroot(2) to get more robust solution.
See also ftp://ftp.altlinux.org/pub/people/ldv/rshell/
--
ldv
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/rsync/attachments/20041228/0f25fa0c/attachment.bin
More information about the rsync
mailing list