scp/sftp : how to allow GET only ?

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Hi, I would like to configure scp or sftp to allow GET of remote files
only, while all remote ssh commands and PUT of local files are denied.
Does anyone know how to proceed ? Thanks a lot - Frederic

Re: scp/sftp : how to allow GET only ?

Quoted text here. Click to load it

This gets into a lot of complexity. Since you're probably doing this for
system security reasons, you probably also want to keep people restricted to
the target directory, not able to wander around the file system nabbing
other files with read-access for all, such as the /etc/passwd file or
interestnig files in /tmp. That takes a chroot cage or a fundamentally
different approach, such as WebDAV over SSL which I recommend.

Go buy the O'Reilly book on SSH for details, but UNIX-like permissions allow
you to create a directory, and files, that are readable to everyone but
writable only to restricted users. It then becomes a problem of how you can
safely deposit the files there with the right permissions.

Re: scp/sftp : how to allow GET only ? writes:

Quoted text here. Click to load it

Change the permissions of the files and directories that you want
protected so the users logging in don't have write permissions (chmod
444 file, chmod 555 dir).

David Magda <dmagda at>
Because the innovator has for enemies all those who have done well under
the old conditions, and lukewarm defenders in those who may do well
under the new. -- Niccolo Machiavelli, _The Prince_, Chapter VI

Site Timeline