SFTP

Jacek Osiecki joshua at hybrid.pl
Wed, 29 Oct 2003, 08:34:17 CET


On Tue, 28 Oct 2003, Marteen wrote:

> Is it possible to offer encrypted FTP by means of sftp
> in such a way that the user has no shell access while still
> being able to use sftp??

I use a dummy shell on my system; I don't know whether it came from this list or another one...
it behaves perfectly :)

Code attached.

Regards,
-- 
Jacek Osiecki
joshua at ceti.pl
GG: 3828944
-------------- next part ---------
//
// vegaa_dummy_shell.c by zim at vegaa.de 2002-03-14
//
// This program behaves as a shell for users,
// which you want to allow sftp access (e.g for OpenSSH)
// but don't want to allow normal shell access.
//
// Copyright: Feel free to use it as you like it.
// Warranty: None .o)
//
// Compilation:
//
//     gcc vegaa_dummy_shell.c -o vegaa_dummy_shell
//
// Installation:
//
// 1.) Put this dummy_shell somewhere, say as /usr/bin/vegaa_dummy_shell.
//     Make its owner root:root and its permissions 0755 (or 0555).
// 2.) Specify the dummy_shell as the user's shell in /etc/passwd
// 3.) You may want to enter it also in /etc/shells, if these users
//     should be allowed normal ftp-access, too.
//

// Should your sftp-server sit in another location,
// change the following line accordingly
#define SFTP_COMMAND "/usr/lib/openssh/sftp-server"

#include <stdio.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>

int
main(int argc, char **argv)
{
    int i;

    // sshd starts a requested command as: <shell> -c <command>,
    // so anything other than exactly three arguments is refused
    if (argc!=3) {
        syslog(LOG_ERR,
            "ACCESS DENIED %s: illegal number of arguments=%d",
            argv[0],argc);
        for (i=1;i<argc;i++) {
            syslog(LOG_ERR,"%s argv[%d]: %s",argv[0],i,argv[i]);
            }
        goto Denied;
        }
    // Only "-c" followed by the exact sftp-server path is accepted
    if (strcmp(argv[1],"-c") || strcmp(argv[2],SFTP_COMMAND)) {
        syslog(LOG_ERR,
            "ACCESS DENIED %s: illegal arguments: %s %s",
            argv[0],argv[1],argv[2]);
        goto Denied;
        }
    // Now call the sftp-server; execl() returns (-1) only if it fails
    return(execl(argv[2],argv[2],(char *)NULL));

Denied:
    printf("##################################################\n");
    printf("## You don't have shell access on this machine. ##\n");
    printf("## Please contact your administrator, ##\n");
    printf("## should you believe that to be an error. ##\n");
    printf("##################################################\n");
    return(2);
}
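
An alternative that needs no custom shell, added here as an example and not part of the original post or its attachment: OpenSSH releases newer than this 2003 thread include an in-process SFTP server, internal-sftp, which sshd_config can force for a group of accounts. The group name sftponly and the /srv/sftp path are assumptions.

```conf
# /etc/ssh/sshd_config (fragment). Constructed example: the group name
# "sftponly" and the /srv/sftp path are assumptions, not from the post.

# Serve SFTP from inside sshd instead of an external sftp-server binary.
Subsystem sftp internal-sftp

Match Group sftponly
    # Run the SFTP server whatever command the client requests, so no
    # shell is started for the session.
    ForceCommand internal-sftp
    # Confine the session to a per-user tree. sshd requires every component
    # of this path to be owned by root and not writable by group or others.
    ChrootDirectory /srv/sftp/%u
    # SFTP needs none of these channel types.
    AllowTcpForwarding no
    X11Forwarding no
    AllowAgentForwarding no
    PermitTunnel no
```

Check the file with sshd -t before reloading the daemon.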

