On Sat, 11 Nov 2023, Bob Proulx wrote:

> I am supporting a site that allows members to upload release files. I
> have inherited this site which was previously existing. The goal is
> to allow members to file transfer to and from their project area for
> release distribution but not to allow general shell access and not to
> allow access to other parts of the system.
>
> Currently rsync and old scp have been restricted using a restricted
> shell configuration. But of course that does not limit sftp. And of
> course sftp can be chrooted which would work okay for us. Use the
> ForceCommand internal-sftp configuration to put the process in a
> chroot. But then that configuration blocks rsync.
>
> Match ... other stuff
> Match ALL
> ChrootDirectory /releases
> ForceCommand internal-sftp
> AllowTcpForwarding no
> X11Forwarding no
>
> I have not been able to deduce a way to set up sftp-in-a-chroot *only*
> when sftp is requested and allow rsync when rsync is requested and
> allow rsync to work normally when rsync is requested.

You can do this using a custom setuid shell or forcecommand (it needs to
be setuid because chroot requires privileges). It can look at the
contents of $SSH_ORIGINAL_COMMAND and decide on whether to run rsync or
chroot then run sftp-server.

It is possible to do this without setuid, but the forcecommand would
need to live inside the ChrootDirectory along with everything else
sftp-server and rsync needs.

If you're on Linux, then maybe you could cook something up using
namespaces and bind mounts to simplify this.

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
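The setuid dispatcher described in the reply above, as an added example that is not part of the original thread: it classifies $SSH_ORIGINAL_COMMAND, and for an sftp request chroots into /releases and drops root before exec'ing sftp-server, while an rsync server request runs unchrooted as the login user. The sftp-server and rsync paths, and the assumption that sshd presents a subsystem request as the subsystem's configured command line (internal-sftp or a sftp-server path), are assumptions of this example.

```c
#define _DEFAULT_SOURCE   /* chroot(), strdup() declarations on glibc */
/* Added example, not code from the thread: a setuid-root ForceCommand dispatcher. sshd
 * starts it as the login user (real uid); the setuid bit gives euid 0 for chroot(2). */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#define CHROOT_DIR  "/releases"                     /* from the sshd_config in the thread */
#define SFTP_SERVER "/usr/lib/openssh/sftp-server" /* assumed; must exist inside the chroot */
#define RSYNC_BIN   "/usr/bin/rsync"               /* assumed */
enum action { ACT_DENY = 0, ACT_SFTP, ACT_RSYNC };

/* Under ForceCommand, sshd exposes the subsystem's configured command line as
 * SSH_ORIGINAL_COMMAND (assumed: "internal-sftp" or a ".../sftp-server" path);
 * rsync clients send "rsync --server ...". All else, incl. empty (= shell), is denied. */
enum action classify_command(const char *cmd)
{
    const char *slash;
    if (cmd == NULL || *cmd == '\0') return ACT_DENY;
    slash = strrchr(cmd, '/');
    if (strcmp(cmd, "internal-sftp") == 0 || strcmp(slash ? slash + 1 : cmd, "sftp-server") == 0)
        return ACT_SFTP;
    if (strncmp(cmd, "rsync --server", 14) == 0 && (cmd[14] == ' ' || cmd[14] == '\0'))
        return ACT_RSYNC;
    return ACT_DENY;
}

int main(void)
{
    const char *cmd = getenv("SSH_ORIGINAL_COMMAND");
    enum action act = classify_command(cmd);
    char *argv[64], *copy, *tok; int argc = 0;
    if (act == ACT_DENY) { fprintf(stderr, "command not permitted\n"); return 1; }
    /* sftp is confined while still root; then both paths give up root for good */
    if (act == ACT_SFTP && (chroot(CHROOT_DIR) != 0 || chdir("/") != 0))
        return 1;
    if (setgid(getgid()) != 0 || setuid(getuid()) != 0)  /* back to the login user */
        return 1;
    if (act == ACT_SFTP) {
        execl(SFTP_SERVER, "sftp-server", (char *)NULL);
        return 1;
    }
    /* rsync runs unchrooted as the login user; execv directly so no shell is
     * present to interpret metacharacters in the client-supplied command line */
    if ((copy = strdup(cmd)) == NULL) return 1;
    for (tok = strtok(copy, " \t"); tok != NULL && argc < 63; tok = strtok(NULL, " \t"))
        argv[argc++] = tok;
    argv[argc] = NULL;
    execv(RSYNC_BIN, argv);
    return 1;
}
```

Install it root-owned with the setuid bit set and point ForceCommand at it in place of internal-sftp; sftp-server and whatever it needs at runtime must be present under /releases for the chrooted path to work.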