GNU Rush
	Restricted User Shell	Sergey Poznyakoff

• Main
• Downloads
• Documentation

GNU Rush – a restricted user shell. (split by node):

Section:

Chapter:

Doc:

?

6.1 scp

The scp utility is executed on the server side with option ‘-t’, when copying files to server, and with ‘-f’ when copying from it. Thus, the basic templates for scp rules are:

# Copying to server:
rule scp-to
  command ^scp -t
  ...

# Copying from server:  
rule scp-from
  command ^scp -f
  ...

You may also wish to allow for ‘-v’ (‘verbose’) command line option. In this case, the ‘scp-to’ rule will become:

rule scp-to
  command ^scp (-v )?-t
  ...

First, we want users to be able to upload files to ‘/home/ftp/incoming’ directory. Moreover, the ‘/home/ftp’ directory prefix must be invisible to them. We must also make sure that the user cannot get outside the ‘incoming’ directory by using ‘../’ components in his upload path. So, our first rule for scp uploads will be:

rule scp-to-incoming
  command ^scp (-v )?-t /incoming/
  match[$] ! \.\./
  set[0] /bin/scp
  transform[$] s|^|/home/ftp/|

The match[$] statement ensures that no relative components are used. Two transform rules ensure that the right scp binary is used and that ‘/home/ftp’ prefix is prepended to the upload path.

Other than uploading to ‘/incoming’, users must be able to use scp to manage ‘public_html’ directories located in their homes. They should use relative paths for that, i.e., the command:

$ scp file.html server:

will copy file ‘file.html’ to ‘~/public_html/file.html’ on the server. The corresponding rule is:

rule scp-home
  command ^scp (-v )?-[tf] [^/].*
  match[$] ! \.\./
  set[0] /bin/scp
  transform[$] s|^|public_html/|
  chdir ~

Finally, we provide two trap rules for diagnostic purposes:

rule scp-to-trap
  command ^scp (-v )?-t
  exit Error: Uploads to this directory prohibited

rule scp-from  
  command ^scp (-v )?-f
  exit Error: Downloads from this directory prohibited