Gentoo Archives: gentoo-security

From: "Rúni H.Hansen" <runi.hansen@××××××.net>
To: gentoo-security@g.o
Subject: Re: [gentoo-security] SSH - Settings based on user groups
Date: Tue, 16 Dec 2003 02:43:01
Message-Id: 52149.81.227.189.186.1071564159.squirrel@webmail.okkara.net
In Reply to: Re: [gentoo-security] SSH - Settings based on user groups by Helder Miguel Rodrigues
Hi Nick

I dont know about restrict permisson to X11Forward for specified groups.

But you can type 'vipw' and change the shell from '/bin/bash' to
'/usr/lib/misc/sftp-server' for the user that you only want to have access
to ftp.

How secure this is I dont know, but it seems to work ;o)

/Rúni

> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Take a look in rssh. http://rssh.sourceforge.net/ > > Its in Portage too! > > Regards, > Helder Rodrigues > > > Nick Gommans wrote: > > | Hello everyone, > | > | I just had a question about SSH that (hopefully) someone can answer fo > me. > | > | Is there a way of setting up the SSH server to restrict permission to > such > | extensions as X11Forwarding and Port Forwarding to members of specific > | groups? How about restricting SSH to only allow a user to use the > SCP/SFTP > | service but have no interactive shell (In an effort to eliminate users > from > | using FTP)? > | > | Is there any way I can achieve this level of control in OpenSSH? > | > | Thanks in advance, > | Nick > | > | > | -- > | gentoo-security@g.o mailing list > | > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.3-nr1 (Windows XP) > Comment: Helder Miguel Rodrigues - http://www.frew.org > > iD8DBQE/3qJ0XuDuuXe+pHkRAi7lAJ9e+Im7F+Y1Xi0wwSR/zFXRgVjSFwCgtUGA > RKAnPQMLh9oPUngmotU8CVs= > =HUuh > -----END PGP SIGNATURE----- > > -- > gentoo-security@g.o mailing list > >
-- gentoo-security@g.o mailing list