[geeks] hidden files and sftp

Nadine Miller velociraptor at gmail.com
Tue Feb 12 22:07:53 CST 2008


Shannon Hendrix wrote:
> On Feb 11, 2008, at 2:27 PM, velociraptor wrote:
> 
>> On Feb 6, 2008 1:16 PM, der Mouse <mouse at rodents.montreal.qc.ca> wrote:
>>>> Unfortunately, this is an openssh based system, and unless I've
>>>> missed something it seems there is no option to control what someone
>>>> sees with sftp.
>>>
>>> Well, you've got the source; it can't be all that hard to drop in code
>>> just before going to the filesystem that checks for a dotfile and
>>> pretends the file doesn't exist if so.
>>
>> Another tactic would be a restricted shell and putting the limited
>> users into directories with no dot files.  This was something we
>> looked at back at one of my $gov_agency jobs to give vendors the
>> ability to push files to our dev servers using a secure protocol as
>> ftp was a no-no.  We never implemented it, though.
>>
>> I can't remember the name of the restricted shell off the top of my
>> head, though, and my notes aren't with me.  You should be able to
>> exercise google-fu to find it.
> 
> The problem is that the system is wrapped up in a custom shell system 
> and it uses the standard UNIX tools in the background, which means they 
> use /etc/skel.
> 
> If I had infinite time, I could do things like that, but ideally I would 
> leave the account management alone since it currently works and I don't 
> want to have to fix it.
> 
> I might just change how we build user directories somehow, or fiddle 
> with how /etc/skel is used for each account type.
> 

How difficult would it be to have two profiles, though, and just set a 
flag in the wrapper program that creates the accounts?  AFAIK, /etc/skel 
doesn't just has the default dot files, it doesn't specify what shell 
things default to if none is specified by useradd/adduser.  It's been a 
while since I laid hands on FreeBSD, but I don't think you can run the 
script to create a user on Linux without specifying a shell.

=Nadine=
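
The two-profile idea from this thread, sketched as an added example (not part of the original message, and not the custom account wrapper it discusses): an account-type flag selects the skel directory, and the sftp profile is rejected if it contains any dot files. The `/etc/skel-sftp` directory, the type names `full` and `sftp`, and the `SFTP_SHELL` placeholder path are assumptions; `-m`, `-k` and `-s` are the Linux `useradd` options.

```shell
#!/bin/sh
# Hypothetical wrapper logic: pick a skel profile per account type.
# All paths below are assumptions; override them in the environment.
SKEL_FULL="${SKEL_FULL:-/etc/skel}"
SKEL_SFTP="${SKEL_SFTP:-/etc/skel-sftp}"
# Placeholder: path of whatever restricted shell the site chooses.
SFTP_SHELL="${SFTP_SHELL:-/path/to/restricted-shell}"

# List dot files at the top level of a skel directory (no output = none).
skel_dotfiles() {
    find "$1" -mindepth 1 -maxdepth 1 -name '.*' 2>/dev/null
}

# Print the useradd command for <type> <user>; create nothing.
# Returns non-zero for a bad name, unknown type, or unsuitable profile.
build_useradd() {
    acct_type=$1
    user=$2
    # Reject empty names, names starting with '-' (option injection),
    # and anything outside a conservative character set.
    case "$user" in
        ''|[!a-z_]*|*[!a-z0-9_-]*)
            echo "bad user name" >&2; return 2 ;;
    esac
    case "$acct_type" in
        full) skel=$SKEL_FULL; shell=/bin/sh ;;
        sftp) skel=$SKEL_SFTP; shell=$SFTP_SHELL ;;
        *) echo "unknown account type: $acct_type" >&2; return 2 ;;
    esac
    [ -d "$skel" ] || { echo "missing skel dir: $skel" >&2; return 3; }
    # The sftp profile must stay free of dot files, otherwise every new
    # sftp-only home directory starts out with them again.
    if [ "$acct_type" = sftp ] && [ -n "$(skel_dotfiles "$skel")" ]; then
        echo "refusing: $skel contains dot files" >&2
        return 4
    fi
    printf 'useradd -m -k %s -s %s %s\n' "$skel" "$shell" "$user"
}
```

The function only prints the command, so the existing account tooling can log or review it before running it as root.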


