10-23-2015
Locking down access via winscp
Did some searching but didn't find what I was looking for. We have a fairly complex system in which we have a special shell that is actually a script that runs some checks to make sure the user is coming in via the approved ssh client, and if not they are kicked out.
Recently we figured out folks are coming in via winscp, and it would appear that winscp does not follow the same rules, so the special script is not getting invoked and blocking them.
Do users coming in via winscp run the .profile for a given user?
I thought I knew AIX pretty well but this is beyond me at this point.
So users are coming in through winscp and accessing areas that they should not be in. Those areas are more open than they should normally be, but users, when logging in normally, don't get shell access; they are forced into a program, so the areas of concern were never accessible to them. It's really an application issue that is causing those sensitive areas to be open like they are, so they can't be locked down at the file/directory level.
Is anyone aware of a way to lock a user down into their home directory when using tools like winscp? We use chroot type security on our linux "FTP". But I'm not sure how putting chroot type security on this AIX server might affect normal end-user logins to the application that resides on this server, as when they come in like they should, the application is the one accessing the other sensitive areas and is not allowing the user to access areas that don't belong to them.
Thanks for your time.
Justin