X-Spam-Check-By: sourceware.org
Date: Thu, 1 Mar 2007 16:28:15 +0200
Message-Id: <200703011428.l21ESF4S026963@beta.mvs.co.il>
From: "Ehud Karni" <ehud@unix.mvs.co.il>
To: skatingrox2@gmail.com
Cc: cygwin@cygwin.com
Subject: Re: Remove user access to local drives?
In-reply-to: <loom.20070227T203610-344@post.gmane.org> (message from Francis 	on Tue, 27 Feb 2007 19:37:25 +0000 (UTC))
Reply-to: ehud@unix.mvs.co.il
References:  <loom.20070227T203610-344@post.gmane.org>
X-Mailer: Emacs 21.3.1 rmail (send-msg 1.108)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-8-i
Content-Transfer-Encoding: 7bit
X-IsSubscribed: yes
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie.com@cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Delivered-To: mailing list cygwin@cygwin.com

On Tue, 27 Feb 2007 19:37:25, Francis wrote:
>
> I am running a OpenSSH server for some friends on my machine, and I was hoping
> to disable access to /cygdrive (local drives.)  Is there a way to prevent them
> from modifying any files also?  this is intended just as a SSH tunneling method
> to get us around some Websense.


I have restricted ssh users to a some directory with some commands only
on GNU/Linux by using `chroot' and restricted shell (bash). This won't
work on Cygwin, because there is no `chroot' jail (not supported by the
underlying OS).

You have 2 options:
1. Use the /etc/passwd to specify your own shell which will check the
   input and execute only the allowed commands (by being filter to a
   shell or by calling `system').

2. Use cgf advice and restrict the ssh user to one command only (by the
   authorized_keys file which will be a filter (same as in 1). This has
   some drawbacks on Cygwin (unlike UNIX), but for your purpose it is
   not significant.

Ehud.


--
 Ehud Karni           Tel: +972-3-7966-561  /"\
 Mivtach - Simon      Fax: +972-3-7966-667  \ /  ASCII Ribbon Campaign
 Insurance agencies   (USA) voice mail and   X   Against   HTML   Mail
 http://www.mvs.co.il  FAX:  1-815-5509341  / \
 GnuPG: 98EA398D <http://www.keyserver.net/>    Better Safe Than Sorry

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/