6 messages in org.samba.lists.rsync
Restricting rsync over ssh
Subject: Restricting rsync over ssh
From: Dmitry V. Levin (ld@altlinux.org)
Date: Dec 28, 2004 4:12:16 pm
List: org.samba.lists.rsync

Hi,

On Tue, Dec 28, 2004 at 04:53:45PM +0100, Bob wrote:

> I have very special needs and I wanted to use rsync over ssh. I don't know if a solution already exists for what I want to do. I want to provide rsync over ssh to my users. However, I want to have the following limitations:
> 1. No shell access
> 2. Limiting users to their home directories
>
> I was thinking of the following solution, but I don't know if it is secure enough: Create a dummy shell for ssh login that only allows the rsync --server --sender command. Then I get the path of the wanted files, and I append it to the home directory of the user. Ex: the user requests /test, I give him: /home/usrname/test. Then I use the realpath function to canonicalize the path and I check that it really begins with /home/usrname to prevent users from getting files outside of their home directory. I execute the rsync command with the new built path...
>
> I think this should work but I would like to know what you think about security.

Use chroot(2) to get a more robust solution. See also ftp://ftp.altlinux.org/pub/people/ldv/rshell/
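
Added example, not part of the original thread and not code from rsync or rshell: a sketch of the path check the quoted question describes, as it might sit in an ssh forced-command wrapper. The function names and the accepted command shape (`rsync --server --sender -FLAGS . PATH`) are assumptions, and the directory tree is constructed for the demonstration.

```python
import os, re, shlex, tempfile

def confine(home, requested):
    """Return the canonical path for `requested` under `home`, or None."""
    home_real = os.path.realpath(home)
    # "/test" from the client means "<home>/test", as in the question.
    resolved = os.path.realpath(os.path.join(home_real, requested.lstrip("/")))
    # Compare on a path-component boundary: a plain startswith(home_real)
    # would also accept a sibling directory such as /home/usrname2.
    if resolved == home_real or resolved.startswith(home_real + os.sep):
        return resolved
    return None

def build_argv(home, original_command):
    """Turn SSH_ORIGINAL_COMMAND into a confined rsync argv, or None to refuse."""
    try:
        argv = shlex.split(original_command)
    except ValueError:
        return None
    # Assumed shape: rsync --server --sender -FLAGS . PATH [PATH...]
    if (len(argv) < 6 or argv[:3] != ["rsync", "--server", "--sender"]
            or not re.fullmatch(r"-[A-Za-z.]+", argv[3]) or argv[4] != "."):
        return None
    paths = [confine(home, p) for p in argv[5:]]
    if None in paths:
        return None
    # Rewritten paths are absolute, so none can be parsed as an option.
    return argv[:5] + paths

def demo():
    """Run the checks against a constructed directory tree."""
    root = os.path.realpath(tempfile.mkdtemp())
    home = os.path.join(root, "usrname")
    os.makedirs(os.path.join(home, "test"))
    os.makedirs(os.path.join(root, "usrname2"))
    os.symlink(root, os.path.join(home, "escape"))  # symlink leading out of home
    cmd = "rsync --server --sender -vlogDtpr . "
    return {
        "home": home,
        "ok": build_argv(home, cmd + "/test"),
        "dotdot": build_argv(home, cmd + "/../usrname2"),
        "symlink": build_argv(home, cmd + "escape/usrname2"),
        "shell": build_argv(home, "sh -c id"),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", result)
```

The check only describes the filesystem at the moment it runs; a path component replaced by a symlink afterwards is not covered, which is the gap the chroot(2) suggestion in the reply closes.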