linux:nologin-rsync-only [2017/11/08 10:07] – michael | linux:nologin-rsync-only [2017/11/08 10:26] (current) – michael | ||
---|---|---|---|
Line 4: | Line 4: | ||
<WRAP center box 100%> | <WRAP center box 100%> | ||
===== Möglichkeit 1 - Konfiguration / Umsetzung mit Skript ===== | ===== Möglichkeit 1 - Konfiguration / Umsetzung mit Skript ===== | ||
- | <wrap em> | + | <wrap em> |
- '' | - '' | ||
Line 71: | Line 71: | ||
| | ||
| | ||
- | </ | + | </ |
- | * Keep in mind: There is no need, to create an Group, if just one user should be able to have Access. In this case replace "Match group pfrsynconly" | + | |
---- | ---- | ||
Line 89: | Line 89: | ||
<WRAP center box 100%> | <WRAP center box 100%> | ||
===== Möglichkeit 2 - Konfiguration / Umsetzung mit Lshell ===== | ===== Möglichkeit 2 - Konfiguration / Umsetzung mit Lshell ===== | ||
- | <wrap em>Sichere | + | <wrap em>__Sichere |
- '' | - '' | ||
- | - '' | + | - '' |
- | # usermod -g pfrsynconly | + | # usermod -aG lshell |
- '' | - '' | ||
- | - '' | + | - '' |
- | # chmod +x /home/pfrsync/check_command.sh | + | |
- | # chown pfrsync:pfrsynconly / | + | # vim /etc/lshell.conf< |
+ | # | ||
+ | # $Id: lshell.conf,v 1.27 2010-10-18 19:05:17 ghantoos Exp $ | ||
- | # vim /home/pfrsync/check_command.sh< | + | [global] |
- | case $SSH_ORIGINAL_COMMAND in | + | logpath |
- | ' | + | loglevel |
- | | + | # |
- | ;; | + | |
- | *) | + | [default] |
- | | + | allowed |
- | ;; | + | forbidden |
- | esac | + | ## number of warnings when user enters a forbidden value before getting |
+ | ## exited from lshell, set to -1 to disable. | ||
+ | warning_counter : 2 | ||
+ | aliases | ||
+ | |||
+ | ## list of command allowed to execute over ssh (e.g. rsync, rdiff-backup, | ||
+ | # | ||
+ | |||
+ | ## logging strictness. If set to 1, any unknown command is considered as | ||
+ | ## forbidden, and user's warning counter is decreased. If set to 0, command is | ||
+ | ## considered as unknown, and user is only warned (i.e. *** unknown synthax) | ||
+ | strict | ||
+ | |||
+ | ## force files sent through scp to a specific directory | ||
+ | # | ||
+ | |||
+ | ## history file maximum size | ||
+ | # | ||
+ | |||
+ | ## set history file name (default is / | ||
+ | # | ||
+ | |||
+ | [pfrsync] | ||
+ | path : ['/ | ||
+ | home_path | ||
+ | overssh | ||
+ | ## define the script to run at user login | ||
+ | # | ||
</ | </ | ||
- '' | - '' | ||
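Review bot: The new lshell section is introduced as the secure variant (`<wrap em>__Sichere …`), but it never states what lshell actually guarantees. lshell filters the commands a user may run; it is a restricted shell, not a sandbox, so it should be described as one layer alongside the sshd `Match` restrictions rather than a replacement for them. I would add a line under the config block such as `* Keep in mind: lshell only filters commands; keep the sshd Match-block restrictions for this account in place as well.` The pasted file is also the complete package template (its header reads `$Id: lshell.conf,v 1.27 2010-10-18 …`), so readers who copy it will overwrite newer distribution defaults. Showing only the `[pfrsync]` section and the keys that differ from the default would be safer; the values of `allowed`, `forbidden`, `strict` and `overssh` are cut off in this view, so I could not check them.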
Line 149: | Line 178: | ||
AllowAgentForwarding yes | AllowAgentForwarding yes | ||
- | Match group pfrsynconly | + | Match group pfrsync |
- | # | + | |
| | ||
| | ||
| | ||
| | ||
- | | + | </ |
- | </ | + | |
- | * Keep in mind: There is no need, to create an Group, if just one user should be able to have Access. In this case replace "Match group pfrsynconly" | + | * <wrap em>Keep in mind:</ |
---- | ---- | ||
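Review bot: The block now matches on `Match group pfrsync`, but the visible steps only add the account to a supplementary group with `usermod -aG lshell`, and the old `usermod -g pfrsynconly` step is gone. If no `pfrsync` group exists with the account in it (user-private groups are common but not universal), the `Match` block never applies and the account silently gets the global settings, including the `AllowAgentForwarding yes` shown just above it. The page should say which step creates that group, or match on the account directly with `Match User pfrsync`. The body of the `Match` block is cut off in this view; if it does not already do so, it should set `AllowAgentForwarding no`, `AllowTcpForwarding no` and `X11Forwarding no` for the restricted account.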
Line 167: | Line 194: | ||
# systemctl restart sshd | # systemctl restart sshd | ||
</ | </ | ||
+ | |||
</ | </ | ||
+ | ---- | ||
+ | |||
+ | ===== Weiteres: ===== | ||
+ | * '' |