[geeks] hidden files and sftp
Nadine Miller
velociraptor at gmail.com
Tue Feb 12 22:07:53 CST 2008
Shannon Hendrix wrote:
> On Feb 11, 2008, at 2:27 PM, velociraptor wrote:
>
>> On Feb 6, 2008 1:16 PM, der Mouse <mouse at rodents.montreal.qc.ca> wrote:
>>>> Unfortunately, this is an openssh based system, and unless I've
>>>> missed something it seems there is no option to control what someone
>>>> sees with sftp.
>>>
>>> Well, you've got the source; it can't be all that hard to drop in code
>>> just before going to the filesystem that checks for a dotfile and
>>> pretends the file doesn't exist if so.
>>
>> Another tactic would be a restricted shell and putting the limited
>> users into directories with no dot files. This was something we
>> looked at back at one of my $gov_agency jobs to give vendors the
>> ability to push files to our dev servers using a secure protocol as
>> ftp was a no-no. We never implemented it, though.
>>
>> I can't remember the name of the restricted shell off the top of my
>> head, though, and my notes aren't with me. You should be able to
>> exercise google-fu to find it.
>
> The problem is that the system is wrapped up in a custom shell system
> and it uses the standard UNIX tools in the background, which means they
> use /etc/skel.
>
> If I had infinite time, I could do things like that, but ideally I would
> leave the account management alone since it currently works and I don't
> want to have to fix it.
>
> I might just change how we build user directories somehow, or fiddle
> with how /etc/skel is used for each account type.
>
How difficult would it be to have two profiles, though, and just set a
flag in the wrapper program that creates the accounts? AFAIK, /etc/skel
doesn't just has the default dot files, it doesn't specify what shell
things default to if none is specified by useradd/adduser. It's been a
while since I laid hands on FreeBSD, but I don't think you can run the
script to create a user on Linux without specifying a shell.
=Nadine=