This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Remove user access to local drives?


On Tue, 27 Feb 2007 19:37:25, Francis wrote:
>
> I am running a OpenSSH server for some friends on my machine, and I was hoping
> to disable access to /cygdrive (local drives.)  Is there a way to prevent them
> from modifying any files also?  this is intended just as a SSH tunneling method
> to get us around some Websense.


I have restricted ssh users to a some directory with some commands only
on GNU/Linux by using `chroot' and restricted shell (bash). This won't
work on Cygwin, because there is no `chroot' jail (not supported by the
underlying OS).

You have 2 options:
1. Use the /etc/passwd to specify your own shell which will check the
   input and execute only the allowed commands (by being filter to a
   shell or by calling `system').

2. Use cgf advice and restrict the ssh user to one command only (by the
   authorized_keys file which will be a filter (same as in 1). This has
   some drawbacks on Cygwin (unlike UNIX), but for your purpose it is
   not significant.

Ehud.


--
 Ehud Karni           Tel: +972-3-7966-561  /"\
 Mivtach - Simon      Fax: +972-3-7966-667  \ /  ASCII Ribbon Campaign
 Insurance agencies   (USA) voice mail and   X   Against   HTML   Mail
 http://www.mvs.co.il  FAX:  1-815-5509341  / \
 GnuPG: 98EA398D <http://www.keyserver.net/>    Better Safe Than Sorry

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]