I'm writing a simple program to back-up some files to a Linux box. The transaction will take place over SSH and each copy of the program will have its own account on the Linux box that it will connect to.
My concern is that it's likely a user of the software will figure out their account name and password (which will be randomly generated beforehand) and want to connect to the box and play around.
I would like to disable their ability to do anything on that box besides what I would authorize the back-up software to do. That is, they only need to create new files and read old ones (no updates or deletes). They shouldn't need the ability to execute bc or a who or anything of the sort.
I've thought about trying to chroot each user into their home directory, but I'm kinda fuzzy on how to do all that.
Any suggestions on how to achieve this desired functionality?
Thanks!
The authorized_keys file for an account can specify a command to be used whenever a specific key is used for authentication. This will require you to set up authentication using keys instead of user/password, although imho that's a good thing to do anyway. For example, gitosis uses this method to allow people to connect to a server using ssh to tunnel the git protocol, but not allow them to login. The authorized_keys manpage gives examples, e.g.:
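One way to build the forced-command approach this answer describes for the original poster's "create new, read old, nothing else" requirement, as an added example that is not part of the original post or of gitosis; the wrapper path /usr/local/bin/backup-shell, the get/put request format and the BACKUP_DIR location are assumptions:

```sh
#!/bin/sh
# Forced-command wrapper for a backup-only account. sshd runs this instead of
# whatever the client asked for and passes the client's request in
# SSH_ORIGINAL_COMMAND, so the wrapper alone decides what is allowed.
# Assumed authorized_keys line (key and wrapper path are placeholders):
#   command="/usr/local/bin/backup-shell",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-ed25519 AAAA...key... backup-client

BACKUP_DIR="${BACKUP_DIR:-$HOME/backups}"   # assumed per-account store

# A plain file name only: no slash, no leading dot, so "../" and dotfiles
# cannot escape BACKUP_DIR.
valid_name() {
    case "$1" in
        ''|*/*|.*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# backup_cmd "<verb> <name>": "get" streams an existing file to stdout,
# "put" creates a new file from stdin and refuses to overwrite one.
# Anything else (rm, a shell, extra arguments) is rejected with status 1.
backup_cmd() {
    set -- $1                       # split the request into verb and name
    [ "$#" -eq 2 ] || return 1
    valid_name "$2" || return 1
    target="$BACKUP_DIR/$2"
    case "$1" in
        get)
            [ -f "$target" ] || return 1
            cat -- "$target"
            ;;
        put)
            # noclobber (set -C) makes the redirection fail if the file
            # already exists: create-only, never update.
            [ -e "$target" ] && return 1
            (set -C; cat > "$target") 2>/dev/null || return 1
            ;;
        *)
            return 1
            ;;
    esac
}

# Only act when invoked by sshd as a forced command.
if [ -n "${SSH_ORIGINAL_COMMAND+x}" ]; then
    mkdir -p "$BACKUP_DIR"
    backup_cmd "$SSH_ORIGINAL_COMMAND" || { echo "request rejected" >&2; exit 1; }
fi
```

The client then runs e.g. `ssh backup@box put host1.tar < host1.tar`, and any other request, including an interactive login, is refused by the wrapper.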
Use scponly with the chroot option. This will give the users a special chrooted login, with only the binaries you want them to use.
See http://www.sublimation.org/scponly/wiki/index.php/Install
You can use rssh (http://www.pizzashack.org/rssh/); it's like scponly but supports scp, sftp, rsync & cvs.