sftp wrapper



OK, I'm trying to write a wrapper for sftp-server and scp. However, I
have a couple of questions.

1) When a user connects with ssh, sshd runs the user's login shell. When the
user connects with scp or sftp, sshd runs the user's login shell with either
"-c /local/path/to/sftp-server" or "-c scp -f localfile" as the shell
argument. Is this right? I'm sorry if this seems a stupid question, but
if I've understood it wrong my script will either not work or will be
just a big hole :)

2) Reading some mails on the openssh mailing list, I've understood that
when we want to give someone an sftp-only account we just want him not to be able
to execute anything beyond scp and sftp-server. How to do that? He
should not be able to overwrite files like .profile or .ssh/environment,
which are read by his login shell (which is executed to launch
sftp-server or scp). Is this correct?

3) Users should not be chrooted to their home dir, but to a subdir, so
they won't have access to those files (i.e. .profile etc.). Otherwise
root can make them read-only so they won't be modified anyway. I think
the two things are equivalent, aren't they? However, the chroot man page says
it is under development. I don't know what that means (i.e. it may
fail to chroot? It can be exploited somehow?), so I think the best bet is
to make .profile etc. read-only and use chroot on a subdir. Is it a good
idea or is it just paranoia?

I thought about writing two scripts: one to set up the user's home dir and
then the scp/sftp wrapper. However, I was wondering if it makes any sense
to write the wrapper as a shell script...

Basically, if the user is somehow able to create a custom .profile in his
home dir, when the wrapper gets executed at the next login the shell
will read .profile and then execute the wrapper, so checking whether the
environment is safe is useless since the user's code has already been
executed... Is that right? Is there a way to be sure the user can never
compromise his environment?

And btw... using the shell command chroot and then running scp/sftp
means that they must be in the user's chrooted dir... :| So I suppose
that to have a chrooted home dir the chroot must be coded directly into
scp/sftp. Is this right?

Thanks in advance.

-- 

    Shiva

  "Better true to yourself
Than a perfect shadow
       Of somebody else
     An empty shell"

(MrBig, My new religion)
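As an added example that is not part of the original post, here is one way to write the login-shell wrapper discussed above in POSIX sh: sshd invokes the login shell as `<shell> -c "<command>"`, so the wrapper inspects that command and executes it only if it is exactly the sftp-server binary or an `scp -f`/`scp -t` invocation with a plain file argument (the `-t` upload direction is included as a generalization of the post's `scp -f` case). The sftp-server path is an assumption; adjust it for your system.

```shell
#!/bin/sh
# Added example, not code from the original post: a restricted login-shell
# wrapper. sshd runs it as "<wrapper> -c <command>"; anything other than the
# sftp-server binary or a plain scp transfer is refused.

SFTP_SERVER="/usr/lib/openssh/sftp-server"   # assumed path; adjust to your system

# check_command CMD -> returns 0 if CMD is permitted, 1 otherwise
check_command() {
    cmd=$1
    case $cmd in
        "$SFTP_SERVER")
            return 0 ;;
        "scp -f "*|"scp -t "*)
            # keep only the file argument after "scp -f " / "scp -t "
            arg=${cmd#scp -? }
            case $arg in
                # empty, shell metacharacters, whitespace, "..", or a leading
                # dash (extra scp options) are all rejected
                ""|*[\;\|\&\`\$\(\)\<\>\'\"\\]*|*[[:space:]]*|*..*|-*)
                    return 1 ;;
                *)
                    return 0 ;;
            esac ;;
        *)
            return 1 ;;
    esac
}

# run_restricted: wrapper entry point, invoked as: wrapper -c "<command>"
run_restricted() {
    if [ "$1" != "-c" ] || [ -z "$2" ]; then
        echo "interactive shell not permitted" >&2
        return 1
    fi
    if ! check_command "$2"; then
        echo "command not permitted: $2" >&2
        return 1
    fi
    # Split into words and exec directly (no shell), so nothing in the
    # command is ever interpreted; check_command already rejected metacharacters.
    set -- $2
    exec "$@"
}

# Only act as the wrapper when executed directly, not when sourced for testing.
case $0 in
    */sftp-wrapper|sftp-wrapper) run_restricted "$@" ;;
esac
```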