GNU Rush – a restricted user shell

6.1 scp

On the server side, the scp utility is executed with the -t option when copying files to the server, and with -f when copying from it. Thus, the basic templates for scp rules are:

# Copying to server:
rule scp-to
  command ^scp -t
  ...

# Copying from server:
rule scp-from
  command ^scp -f
  ...

You may also wish to allow for the -v (‘verbose’) command line option. In this case, the ‘scp-to’ rule will become:

rule scp-to
  command ^scp (-v )?-t
  ...

First, we want users to be able to upload files to the /home/ftp/incoming directory. Moreover, the /home/ftp directory prefix must be invisible to them. We must also make sure that users cannot get outside the incoming directory by using ../ components in their upload path. So, our first rule for scp uploads will be:

rule scp-to-incoming
  command ^scp (-v )?-t /incoming/
  match[$] ! \.\./
  set[0] /bin/scp
  transform[$] s|^|/home/ftp/|

The match[$] statement ensures that the upload path contains no ../ components. The set[0] and transform[$] statements ensure that the right scp binary is used and that the /home/ftp prefix is prepended to the upload path.

Other than uploading to /incoming, users must be able to use scp to manage the public_html directories located in their home directories. They should use relative paths for that, i.e., the command:

$ scp file.html server:

will copy the file file.html to ~/public_html/file.html on the server. The corresponding rule is:

rule scp-home
  command ^scp (-v )?-[tf] [^/].*
  match[$] ! \.\./
  set[0] /bin/scp
  transform[$] s|^|public_html/|
  chdir ~

Finally, we provide two trap rules for diagnostic purposes:

rule scp-to-trap
  command ^scp (-v )?-t
  exit Error: Uploads to this directory prohibited

rule scp-from-trap
  command ^scp (-v )?-f
  exit Error: Downloads from this directory prohibited
