Restricting rsync over ssh

Dmitry V. Levin ldv at
Tue Dec 28 16:12:14 GMT 2004


On Tue, Dec 28, 2004 at 04:53:45PM +0100, Bob wrote:
> I have very special needs and i wanted to use rsync over ssh. I don't 
> know if a solution already exists for what i want to do. I want to 
> provide rsync over ssh to my users. Howevern i want to have the 
> following limitations :
> 1. No shell access
> 2. Limitting users to their home directories
> I was thinking to the folowing solution, but i don't know if it is 
> secure enough :
> Create a dummy-shell sor ssh login that only allow the rsync --server 
> --sender command. Then i get the path of the wanted files, and i appened 
> it to the home directory of the user. Ex : the user requests /test, i 
> give him : /home/usrname/test
> Then i uses the realpath function to canonicalize the path and i check 
> that it really begins with /home/usrname to prevent users from getting 
> files outside of their home directory.
> I execute the rsync command with the new built path...
> I think this should work but i would like to know what do you think 
> about security.

Use chroot(2) to get more robust solution.
See also

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url :

More information about the rsync mailing list