Re: lug-bg: sftp / zabrana za izluzane izvyn $HOME
- Subject: Re: lug-bg: sftp / zabrana za izluzane izvyn $HOME
- From: vlk@email.domain.hidden (Vesselin Kolev)
- Date: Tue, 4 Mar 2003 19:02:13 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Problema se reshi s edin util, izvesten kato SCPONLY.
Po princip SCPONLY e dummy shell (podoben, na tezi koito
idvat s BSD/OS). Mozhe da byde svalen ot:
http://www.sublimation.org/scponly/
Compilira se i instalira mnogo lesno. V systava na paketa
ima shell script (sh), koito pravi chroot na daden user
h setup_chroot.sh
Izpylnenieto na scripta iziskva ot vas da vyvedete v
dialogov rezhim directoriata na user-a, koito shte syzdavate
i chroot-vate i umeto na usera (razbira se, usera ne traibva
da e syzdaden). Scriptyt ne e syvyrshen i shte vi kazhe,
che niakoi directorii ne syshtestvuvat, kogato kopira
biblioteki i dvoichni failove v chroot directoriata.. Napravete
gi rychno.
Celta na cialoto zaniatie beshe slednata. Potrebitelite imat
dostyp do file-ov server pod Samba i dostypvat shernatite
si directorii v ramkite na Microsoft Netowrk (TCP/IP bazirana).
Tova te mogat da praviat obache samo v localnata mrezha.
Kogato sa navyn (izvyn localnata mrezha), te mozhe da
imat dostyp do directoriite si na filovia server chrez WinSCP,
ako sa pod Windows i s sftp, ako sa pod LINUX...
Kogato sa pod Samba, te ne mogat da "nadskochat" home
directoriata si. Samba po princip obrazno kazano chrootva
vseki resurs. No za WinSCP ne e taka i za sftp izobshto...
Ta zatova mi traibvashe i tova. Da ne mozhe chrez sftp ili
WinSCP da se nadskacha $HOME ot potrebitelia:))
Pozdravi
Vesselin Kolev
<p><p>On Tuesday 04 Mar 2003 17:29, Kliment Ognianov wrote:
<em class="quotelev1">> Vesselin Kolev wrote:
<em class="quotelev2">> >-----BEGIN PGP SIGNED MESSAGE-----
<em class="quotelev2">> >Hash: SHA1
<em class="quotelev2">> >
<em class="quotelev2">> >Zdraveite,
<em class="quotelev2">> > Kak moga da napravia taka, che pri sftp sesia potrtebitelia da ne
<em class="quotelev2">> >mozhe da izliza ot svoiata domashna directoria.
<em class="quotelev2">> >
<em class="quotelev2">> > Ako triabva da dam analogia, to tia shte e s ProFTPD i s nalichnata
<em class="quotelev2">> >tam pri konfiguracia opcia v proftpd.conf
<em class="quotelev2">> >
<em class="quotelev2">> > DefaultRoot ~
<em class="quotelev2">> >
<em class="quotelev2">> >
<em class="quotelev2">> > Predvaritelno balgodaria!
<em class="quotelev2">> >
<em class="quotelev2">> > Pozdravi
<em class="quotelev2">> > Vesselin Kolev
<em class="quotelev2">> >-----BEGIN PGP SIGNATURE-----
<em class="quotelev2">> >Version: GnuPG v1.2.1 (GNU/Linux)
<em class="quotelev2">> >
<em class="quotelev2">> >iD8DBQE+ZKGg+48lZPXaa+MRAsaMAJ9xOZ/WNQhgz0A52mAYa2/QNoYMiACgvDIP
<em class="quotelev2">> >Xl9YHS3DglWczwnTxV7jQgk=
<em class="quotelev2">> >=Zcsn
<em class="quotelev2">> >-----END PGP SIGNATURE-----
<em class="quotelev1">>
<em class="quotelev1">> Pusni si jail i mu dai shella da e jail
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+ZNwh+48lZPXaa+MRAoDqAKDy+Kmh09uZlE1onUKrie13bI0BKgCcCBhD
lwzTKlXzwxvtfYWi9vFbiKw=
=A08N
-----END PGP SIGNATURE-----
============================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
============================================================================
|