Thread: scp/sftp & CWD
From: MAL <ma...@ko...> - 2003-05-19 18:14:23
Hi ppl,

Is there any way to get sftp and/or scp to change to a different starting directory on connect? I don't mean from a user's point of view.. I know sftp <user@host:/dir> works.. I mean on the server end.

With bash, I used to set each user's .bashrc/.bash_profile to read:

cd /www/<user>
export PWD='/www/<user>'

and that did the trick in just about every scp/sftp client I tested.

How can I get this effect with rssh?

The system in question has redhat's patched openssh 3.1p1-5, which I assume supports ~/.ssh/rc and/or ~/.ssh/environment, but adding the above commands to either of those yielded nothing.

Anyone? :)

MAL
From: MAL <ma...@ko...> - 2003-07-08 07:17:22
Derek Martin wrote:
> On Mon, May 19, 2003 at 07:14:12PM +0100, MAL wrote:
>
>> Hi ppl,
>>
>> Is there any way to get sftp and/or scp to change to a different
>> starting directory on connect. I don't mean from a user's point of
>> view.. I know sftp <user@host:/dir> works.. I mean on the server end.
>
> rssh will not do this. The obvious answer is to change the home
> directories on the server to be the place where you want the users to
> log into... I can't imagine any reason you wouldn't want to do that,
> since you're obviously limiting their access with rssh, and you want
> to make it always change to some directory. Just change their home
> dir in the password file.
>
> If you're using NIS or similar, use sed on the maps to make a local
> password file with the home directories fixed so they point where you
> want 'em.

I cannot change users' home directories, as I have other user specific data stored in them (programs that create configs that cannot be specified to be elsewhere), but I simply want the user placed in another, empty web directory when they sftp in for the first time.

Is there any way to do this with rssh? I don't want to resort to changing rssh, as that would break its tested stability, but is there no other way?

Cheers,

MAL
From: Derek M. <co...@pi...> - 2003-07-08 12:53:01
On Tue, Jul 08, 2003 at 08:17:08AM +0100, MAL wrote:
> I cannot change users' home directories, as I have other user specific
> data stored in them (programs that create configs that cannot be
> specified to be elsewhere), but I simply want the user placed in
> another, empty web directory when they sftp in for the first time.
>
> Is there any way to do this with rssh?

Well, I just released v2.1.0, which has per-user configurations. With that version it /can/ be done, but it's a messy hack. What you'd need to do is create a user configuration for every user, and chroot them to the new directory.

The trouble with this is that now, you have to set up a chroot jail for every single user. Aside from being tedious and error-prone, this is a bad idea, because it's resource-intensive and you'll never be able to capture the logs from these users once they've been chrooted. See the CHROOT file in the source distribution for the details of why, and see the rssh.conf man page for the details of how (from v2.1.0 in both cases -- it's just not there in earlier releases).

At the moment, I consider rssh to be done; it's time for me to move on to other, more interesting projects. So, if you want this functionality to work more cleanly than outlined above, you're going to have to write it. That said, I kinda see the utility of this (though I'm still not entirely convinced it's necessary). If you do write the code, I might consider posting your patch on a contrib page on the web site. Or, if I'm bored enough, at some point I might even consider writing it myself... but don't count on that.

There are two ways I see to add this cleanly to the existing code. I would probably implement both, if I were to do it at all.

1) add a new config keyword, something like "fake_homedir" which takes a path as its argument (though I already don't like that particular name). rssh would then look for a directory with the current user's username under that directory, and cd to that directory, as if it were the user's home directory.

2) add a third bit to the per-user access bit field, to indicate whether or not chrooting is desired. If the bit is 0, but a path is specified in the user's config, cd to that path as if it were the user's home directory.

-=-=-=-

FWIW, what I would do to solve your problem is create the users' home directories and the configurations in them as root, and leave them owned by root, making them non-writable to the user. Then create a directory within those home dirs called something like "files", where they could cd to using sftp, to do their file transfers. If you're serving out the stuff that's there via web server, it's a simple matter to tell the server to treat that new directory as the users' public_html directories...

If they use scp instead of sftp, it's a simple matter to copy files there, i.e.:

scp myfile.html server:files/

No cd-ing necessary.

HTH...

--
Derek D. Martin
http://www.pizzashack.org/
GPG Key ID: 0xDFBEAD02
From: MAL <ma...@ko...> - 2003-07-08 15:15:19
Derek Martin wrote:
[ ideas for improvement ]

Thanks, I'll look into coding that.

> -=-=-=-
>
> FWIW, what I would do to solve your problem is create the users' home
> directories and the configurations in them as root, and leave them
> owned by root, making them non-writable to the user. Then create a
> directory within those home dirs called something like "files", where
> they could cd to using sftp, to do their file transfers. If you're
> serving out the stuff that's there via web server, it's a simple
> matter to tell the server to treat that new directory as the users'
> public_html directories...
>
> If they use scp instead of sftp, it's a simple matter to copy files
> there, i.e.:
>
> scp myfile.html server:files/
>
> No cd-ing necessary.

I'm afraid we host 100+ simpletons who just _will not_ understand/comprehend that. It's hard enough getting them to understand how to connect for upload in the first place.

Thank you kindly for your input though, I'll get back to you as soon as I make some progress :)

Cheers,

MAL