Disable remote command execution?

I am using LDAP for authentication, and would like to control access
to the servers by the presence of a home directory.  This works fine
for shell logins (no home directory, no shell).  But the problem is
the user can still execute remote commands.  Any way to disable remote
commands if the user doesn't have a home directory?


Re: Disable remote command execution?

On Oct 2, 1:21 pm, tavend...@live.com wrote:

There are some interesting techniques for rsync based access,
involving the use of a 'rsync-validate' script as an enforced command
in the SSH key configurations. But if they can access their home
directories and overwrite their .ssh/authorized_keys, this is no
guarantee. I've not tried to provide 'sftp-only' access, but that
might be a reasonable means to do so.

However, if all you really want is LDAP account access and easy read-
write access to a designated target, why not use WebDAV over HTTPS?
I've used this to manage access both to $HOME/public_html with write
access, and to shared repositories, with LDAP or even Kerberos user
authentication for upstream Active Directory account management.
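
An added example, not part of the thread: a wrapper that refuses both shell logins and remote commands when the account has no home directory on the host. It uses the server-side `ForceCommand` directive in sshd_config rather than the per-key enforced command mentioned in the reply, so it does not depend on the contents of `.ssh/authorized_keys`. The script name, install path and `--enforce` argument are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed sshd_config line, with a
# hypothetical install path:
#   ForceCommand /usr/local/sbin/home-gate --enforce
# sshd runs the forced command instead of whatever the client asked for
# and passes the client's request, if any, in SSH_ORIGINAL_COMMAND.

# Print the action for a session: deny, shell, or exec.
# $1 = home directory from the account database, $2 = requested command.
gate_decision() {
    home=$1
    requested=$2
    # No usable home directory: refuse logins and remote commands alike.
    if [ -z "$home" ] || [ ! -d "$home" ]; then
        echo deny
    elif [ -z "$requested" ]; then
        echo shell
    else
        echo exec
    fi
}

# Look up the home directory (field 6) through NSS so LDAP accounts resolve.
lookup_home() {
    getent passwd "$1" | cut -d: -f6
}

# Enforcement path, only taken when sshd invokes the script with --enforce.
if [ "${1:-}" = "--enforce" ]; then
    user=$(id -un)
    home=$(lookup_home "$user")
    user_shell=$(getent passwd "$user" | cut -d: -f7)
    case $(gate_decision "$home" "${SSH_ORIGINAL_COMMAND:-}") in
        deny)
            logger -t home-gate "denied $user: no home directory" 2>/dev/null
            echo "Access denied: no home directory on this host." >&2
            exit 1 ;;
        shell)
            cd "$home" && exec "${user_shell:-/bin/sh}" -l ;;
        exec)
            cd "$home" && exec "${user_shell:-/bin/sh}" -c "$SSH_ORIGINAL_COMMAND" ;;
    esac
fi
```

Placing the `ForceCommand` line inside a `Match` block limits the gate to the accounts it is meant for.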
