Restricting rsync over ssh - Bob - org.samba.lists.rsync

6 messages in org.samba.lists.rsyncRestricting rsync over ssh

From	Sent On	Attachments
Bob	Dec 28, 2004 3:53 pm
Dmitry V. Levin	Dec 28, 2004 4:12 pm
Bob	Dec 28, 2004 4:24 pm
Dmitry V. Levin	Dec 28, 2004 4:43 pm
Alessandro Ranellucci	Dec 28, 2004 4:44 pm
Martin Scharrer	Dec 28, 2004 5:26 pm

	Permalink for this message Paste this link in email or IM:
	Permalink for this thread Paste this link in email or IM:
	Atom feed for this thread Paste this URL into your reader:

Subject:	Restricting rsync over ssh	Actions...
From:	Bob (bo...@coldsource.net)
Date:	Dec 28, 2004 3:53:48 pm
List:	org.samba.lists.rsync

Hi I have very special needs and i wanted to use rsync over ssh. I don't know if a solution already exists for what i want to do. I want to provide rsync over ssh to my users. Howevern i want to have the following limitations : 1. No shell access 2. Limitting users to their home directories

I was thinking to the folowing solution, but i don't know if it is secure enough : Create a dummy-shell sor ssh login that only allow the rsync --server --sender command. Then i get the path of the wanted files, and i appened it to the home directory of the user. Ex : the user requests /test, i give him : /home/usrname/test Then i uses the realpath function to canonicalize the path and i check that it really begins with /home/usrname to prevent users from getting files outside of their home directory. I execute the rsync command with the new built path...

I think this should work but i would like to know what do you think about security.

If this is ok, i will code the dummy-shell and put it online for those who would like to do similar things...

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets
	Permalink to these results Paste this link in email or IM:
	Atom feed for tracking future search results Paste this URL into your reader: