Restricted User Shell
On the server side, rsync is executed with the --server command line option. In addition, when copying files from the server, the --sender option is used. This makes it possible to distinguish incoming requests from outgoing ones.
In our setup, rsync is used the same way as the two rules will be:
rule rsync-incoming
  command ^rsync --server
  command ! --sender
  match[$] /incoming/
  match[$] ! \.\./
  transform s|^|/usr/bin/|
  transform[$] s|^|/home/ftp/|

rule rsync-home
  command ^rsync
  match[$] ! ^[^/]
  match[$] ! \.\./
  transform s|^|/usr/bin/|
  transform[$] s|^|public_html/|
  chdir ~
The trap rules for rsync are trivial:
rule rsync-to-trap
  command ^rsync
  command --sender
  exit Error: Downloads from this directory prohibited

rule rsync-from-trap
  command ^rsync
  exit Error: Uploads to this directory prohibited
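
To check which rule a given server-side command line would hit before deploying the configuration, the rules above can be modelled in a few lines of Python. This is an added example, not part of rush or of the original manual: it is a simplified model that assumes the first matching rule wins and that the trap rules follow the two main rules, and the sample command lines are constructed.

```python
import re
import shlex

# Simplified model of the rules above; an added example, not rush itself.
# Conditions are (regex, must_match) pairs: "cmd" tests the whole command
# line, "last" tests the final argument (the [$] index in the rules).
# Assumption: the trap rules come after the two main rules, as on the page.
RULES = [
    {"name": "rsync-incoming",
     "cmd": [(r"^rsync --server", True), (r"--sender", False)],
     "last": [(r"/incoming/", True), (r"\.\./", False)],
     "prefix": "/home/ftp/"},
    {"name": "rsync-home",
     "cmd": [(r"^rsync", True)],
     "last": [(r"^[^/]", False), (r"\.\./", False)],
     "prefix": "public_html/"},
    {"name": "rsync-to-trap",
     "cmd": [(r"^rsync", True), (r"--sender", True)], "last": [],
     "exit": "Error: Downloads from this directory prohibited"},
    {"name": "rsync-from-trap",
     "cmd": [(r"^rsync", True)], "last": [],
     "exit": "Error: Uploads to this directory prohibited"},
]


def holds(conditions, text):
    """True when every regex matches (or, if negated, does not match) text."""
    return all(bool(re.search(rx, text)) == want for rx, want in conditions)


def evaluate(cmdline):
    """Return (rule name, rewritten argv or exit message) for the first match."""
    argv = shlex.split(cmdline)
    for rule in RULES:
        if holds(rule["cmd"], cmdline) and holds(rule["last"], argv[-1]):
            if "exit" in rule:
                return rule["name"], rule["exit"]
            # transform s|^|/usr/bin/| and transform[$] s|^|<prefix>|
            return rule["name"], (["/usr/bin/" + argv[0]] + argv[1:-1]
                                  + [rule["prefix"] + argv[-1]])
    return None, None


if __name__ == "__main__":
    # Constructed command lines, as an rsync client might send them.
    for line in ["rsync --server -logDtpr . /incoming/report.txt",
                 "rsync --server --sender -logDtpr . /docs/index.html",
                 "rsync --server -logDtpr . /incoming/../private/x",
                 "rsync --server --sender -logDtpr . notes/../../x"]:
        print(line, "->", evaluate(line))
```

The third and fourth samples contain ../ and therefore fail both main rules, so they end in the upload and download traps respectively.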
This document was generated on October 1, 2016 using makeinfo.
Verbatim copying and distribution of this entire article is permitted in any medium, provided this notice is preserved.