RE: secured uploads

Tzahi Fadida Sat, 05 Jun 2004 03:43:37 -0700

I used the configuration file of the sshd2 config file port forwarding
limitation.
and in my case it was for cvs. in your case you can give ftp access.
the shell account atached to the friends general accounts is a chroot
friends:x:12346:12346::/home/friends/home:/bin/chroot-shell
you don't have anything to run there, so u can just port forward to the
specified
ports.


here is an excerpt from the sshd config:
      ForwardACL allow local friends%friends 127\.0\.0\.1%2401
      ForwardACL allow local friends%friends 192\.168\.0\.11%5901

here is the chroot-shell script(you'll have to install sudo):
#!/bin/bash
if [ "$1" = "-c" ]; then
        i=0;
        PARAMS="";
        for param in $*; do
                if [ $i -gt 0 ]; then
                        PARAMS="$PARAMS $param";
                fi
                let i++;
        done;
        sudo /usr/sbin/chroot /home/$USER /bin/su - $USER -c "$PARAMS"
else
        sudo /usr/sbin/chroot /home/$USER /bin/su - $USER
fi;

here is the /etc/sudoers:
# User privilege specification
root    ALL=(ALL) ALL
friends ALL= NOPASSWD: /usr/sbin/chroot /home/friends /bin/su - friends*

Regards,
        tzahi.

> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of Diego Iastrubni
> Sent: Saturday, June 05, 2004 1:28 AM
> To: Linux IL
> Subject: secured uploads
> 
> 
> Hi all,
> 
> I have a problem I think some people here will be able to 
> help me with. 
> 
> I want some users to be able to upload files to some site.The 
> solution used 
> right now, is getting the private ssh keys from the users, 
> and letting the 
> users to use "scp" to copy files to the remote server.
> 
> However, I discovered that I can use "ssh [EMAIL PROTECTED] sh" 
> to get a basic 
> shell on the box, and delete files on that dir (or others). 
> 
> I would like to know what other solutions can you recommend me.
> 
>  (sending cd's by snail mail...? :)
> 
> -- 
> 
> diego, kde-il translation team
> 
> Please avoid sending me Word or PowerPoint attachments.
> See http://www.fsf.org/philosophy/no-word-attachments.html
> Free MS-Office replacement for most platforms 
> http://www.openoffice.org/
> 
> =================================================================
> To unsubscribe, send mail to [EMAIL PROTECTED] 
> with the word "unsubscribe" in the message body, e.g., run 
> the command echo unsubscribe | mail [EMAIL PROTECTED]
> 
> 
> 



=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

RE: secured uploads

Reply via email to