Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Locking down access vi winscp
Operating Systems AIX Locking down access vi winscp Post 302958762 by -=XrAy=- on Monday 26th of October 2015 08:06:27 AM
Old 10-26-2015
Quote:
Originally Posted by juredd1
Is anyone aware of a way to lock a user down into their home directory when using tools like winscp? We use chroot type security on our linux "FTP". But not sure how putting chroot type security on this AIX server might affect normal enduser logins to the application that resides on this server as when they come in like they should the application is the one accessing the other sensitive areas and is not allowing the user to access areas that don't belong to them.

Thanks for your time.
Justin
Here is a small example how to setup a restricted shell:

1. Make sure rksh is in the list of valid shells.
Code:
grep rksh /etc/security/login.cfg

2. Change users shell to rksh.
Code:
chsh <user> /usr/bin/rksh

3. Prepare your environment (create for every allowed command a symbolic link)
Code:
mkdir /usr/bin/restricted
ln -s /usr/bin/ls /usr/bin/restricted/ls
ln -s /usr/bin/cat /usr/bin/restricted/cat
...

4. Replace the PATH-variable in users .profile file and fit the environment settings for your applications.
Code:
export PATH=/usr/bin/restricted

5. Adjust the permissions
Code:
chown bin:bin /home/<user> /home/<user>/.profile
chmod -w /home/<user> /home/<user>/.profile

6. Test it.
Code:
$ cd /
rksh: cd: 0403-019 The operation is not allowed in a restricted shell.

Works well with winscp.

Regards
 

6 More Discussions You Might Find Interesting

1. Linux

WINSCP for Linux?

Is there something that will work on Linux with the same functionality like Winscp? (5 Replies)
Discussion started by: soupbone38
5 Replies

2. AIX

File access issue through sftp/winscp

Hi, I have SSH where I want to restrict browsing for a user "drrep" to the assigned home directory only.So I have put a entry in the sshd_config file as “AllowFiles "drrep:/fcrarch/fl02r/*" as shown in the scrren below. But due to this setting none of the users are able to login through winscp... (0 Replies)
Discussion started by: dwiravi
0 Replies

3. AIX

winscp between AIX and windows

Hello Admins, I am trying to copy some files/packages from my windows host to AIX server. I am a normal user not root. I am getting an error as below: cannot initialize sftp protocol..... I have enabled the ftp service. Could you help me out.. (7 Replies)
Discussion started by: snchaudhari2
7 Replies

4. AIX

WINSCP Log in AIX 6.1

Hello Team, In my environment , Application team using winscp to create/modify/delete the files in the AIX server from their windows boxes. I have enabled the user history, su logs and lastlog, but the users whoever using winscp its not getting tracked. How to enable the WINSCP logs in AIX... (3 Replies)
Discussion started by: gowthamakanthan
3 Replies

5. UNIX for Dummies Questions & Answers

What is winscp?

Hi I am new to using unix and editors for unix.. what is winscp? how to use it? what are ways to download this and learn? (1 Reply)
Discussion started by: swathi123
1 Replies

6. UNIX for Dummies Questions & Answers

Putty and winscp - what is the difference?

Want to understand the difference between putty and winscp. thanks in advance (2 Replies)
Discussion started by: swathi123
2 Replies

LEARN ABOUT MINIX

gzexe

GZEXE(1)                                                      General Commands Manual                                                     GZEXE(1)

NAME

       gzexe - compress executable files in place

SYNOPSIS

       gzexe name ...

DESCRIPTION

       The  gzexe  utility  allows you to compress executables in place and have them automatically uncompress and execute when you run them (at a
       penalty in performance).  For example if you execute ``gzexe /usr/bin/gdb'' it will create the following two files:
           -rwxr-xr-x  1 root root 1026675 Jun  7 13:53 /usr/bin/gdb
           -rwxr-xr-x  1 root root 2304524 May 30 13:02 /usr/bin/gdb~
       /usr/bin/gdb~ is the original file and /usr/bin/gdb is the self-uncompressing executable file.  You can remove /usr/bin/gdb~ once  you  are
       sure that /usr/bin/gdb works properly.

       This utility is most useful on systems with very small disks.

OPTIONS

       -d     Decompress the given executables instead of compressing them.

SEE ALSO

       gzip(1), znew(1), zmore(1), zcmp(1), zforce(1)

CAVEATS

       The  compressed executable is a shell script.  This may create some security holes.  In particular, the compressed executable relies on the
       PATH environment variable to find gzip and some standard utilities (basename, chmod, ln, mkdir, mktemp, rm, sleep, and tail).

BUGS

       gzexe attempts to retain the original file attributes on the compressed executable, but you may have to fix them manually  in  some  cases,
       using chmod or chown.

                                                                                                                                          GZEXE(1)
All times are GMT -4. The time now is 01:36 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy