[geeks] hidden files and sftp

Shannon Hendrix shannon at widomaker.com
Mon Feb 11 20:16:07 CST 2008


On Feb 11, 2008, at 2:27 PM, velociraptor wrote:

> On Feb 6, 2008 1:16 PM, der Mouse <mouse at rodents.montreal.qc.ca> wrote:
>>> Unfortunately, this is an openssh based system, and unless I've
>>> missed something it seems there is no option to control what someone
>>> sees with sftp.
>>
>> Well, you've got the source; it can't be all that hard to drop in
>> code just before going to the filesystem that checks for a dotfile
>> and pretends the file doesn't exist if so.
>
> Another tactic would be a restricted shell and putting the limited
> users into directories with no dot files.  This was something we
> looked at back at one of my $gov_agency jobs to give vendors the
> ability to push files to our dev servers using a secure protocol as
> ftp was a no-no.  We never implemented it, though.
>
> I can't remember the name of the restricted shell off the top of my
> head, though, and my notes aren't with me.  You should be able to
> exercise google-fu to find it.

The problem is that the system is wrapped up in a custom shell system  
and it uses the standard UNIX tools in the background, which means  
they use /etc/skel.

If I had infinite time, I could do things like that, but ideally I
would leave the account management alone since it currently works and
I don't want to have to fix it.

I might just change how we build user directories somehow, or fiddle
with how /etc/skel is used for each account type.

-- 
Shannon Hendrix
shannon at widomaker.com