Yolinux.com

rssh.conf manpage

Search topic Section
Get manual page for the search topic
List all commands matching the search topic
List all topics in the manpage index

RSSH.CONF(5)			Derek D. Martin			  RSSH.CONF(5)



NAME
       /etc/rssh.conf - configuration file for rssh

OVERVIEW
       rssh.conf  is  the  configuration  file for rssh.  It allows the system
       administrator to control the behavior of the shell.  Configuration key-
       words  are either used by themselves on a line, or followed by an equal
       sign ('=') and a configuration value.  Comments start with a hash ('#')
       and  can	 occur	anywhere  on the line.	Configuration options are case
       insensitive. Spaces at the beginning or end of  line,  or  between  the
       equal  sign  and	 the configuration keywords or values are ignored.  If
       the value of a configuration option contains spaces, it	(or  at	 least
       the space) must be enclosed in either single or double quotes.

       A  default  configuration file is provided with the source distribution
       of rssh.	 If no configuration file is used, rssh will assume a  default
       umask  of  022,	and  allow only scp.  If a config file is present, the
       default is to lock out users if neither scp nor sftp have been  explic-
       itly allowed.

       New  in	v2.1  is the ability to configure options on a per-user basis,
       using the user keyword.	More details are below.


CONFIGURATION KEYWORDS
       allowscp
	      Tells the shell that scp is allowed.

       allowsftp
	      Tells the shell that sftp is allowed.

       allowcvs
	      Tells the shell that cvs is allowed.

       allowrdist
	      Tells the shell that rdist is allowed.

       allowrsync
	      Tells the shell that rsync is allowed.

       umask
	      Sets the umask value for file creations in the scp/sftp session.
	      This  is	normally  set  at  login time by the user's shell.  In
	      order not to use the system default, rssh must set the umask.

       logfacility
	      Allows the system administrator to control what syslog  facility
	      rssh logs to.  The facilities are the same as those used by sys-
	      logd.conf(5), or the C macros for the  facilities	 can  be  used
	      instead.	For example:

	      logfacility=user
	      logfacility=LOG_USER

	      are  equivalent, and tell rssh to use the user facility for log-
	      ging to syslog.

       chrootpath
	      Causes rssh (actually a helper program)  to  call	 the  chroot()
	      system  call,  changing  the root of the file system to whatever
	      directory is specified.  Note that the value on the  right  hand
	      side  of	the  equal  sign  is  the  name	 of a directory, not a
	      command.	For example:

	      chrootpath=/usr/chroot

	      will change the root of the virtual file system to  /usr/chroot,
	      preventing  the  user  from  being able to access anything below
	      /usr/chroot in the file system, and making /usr/chroot appear to
	      be  the  root  directory.	 Care must be taken to set up a proper
	      chroot jail; see the file CHROOT in the rssh source distribution
	      for  hints  about	 how  to  do this.  See also the chroot(2) man
	      page.

	      If the user's home directory (as specified  in  /etc/passwd)  is
	      underneath  the  path  specified	by this keyword, then the user
	      will be chdir'd into their home directory.  If it is  not,  then
	      they will be chdir'd to the root of the chroot jail.

	      In  other	 words,	 if  the jail is /chroot, and your user's home
	      directory is  /chroot/home/user,	then  once  rssh_chroot_helper
	      changes  the  root  of  the  system,  it will cd into /home/user
	      inside the jail.	However, if  your  user's  home	 directory  is
	      given  as /home/user in /etc/passwd, then even if that directory
	      exists in the jail, the chroot helper will not try to cd	there.
	      The  user's  normal home directory must live inside the jail for
	      this to work.

       user
	      The user keyword allows for the configuration of	options	 on  a
	      per-user	basis.	 THIS KEYWORD OVERRIDES ALL OTHER KEYWORDS FOR
	      THE SPECIFIED USER.  That is, if you use a user keyword for user
	      foo,  then foo will use only the settings in that user line, and
	      not any of the settings set with the keywords above.   The  user
	      keyword's	 argument consists of a group of fields separated by a
	      colon (':'), as shown below.  The fields are, in order:

	      username
		     The username of the user  for  whom  the  entry  provides
		     options
	      umask
		     The  umask	 for  this user, in octal, just as it would be
		     specified to the shell
	      access bits
		     Five binary digits, which indicate whether	 the  user  is
		     allowed  to use rsync, rdist, cvs, sftp, and scp, in that
		     order.  One means the command is allowed, zero  means  it
		     is not.
	      path
		     The directory to which this user should be chrooted (this
		     is	 not  a	 command,  it  is  a  directory	 name).	   See
		     chroot_path above for complete details.

	      For example, you might have something like this:

	      user = luser:022:00001:

	      This does the following: for the user with the username "luser",
	      set the umask to 022, disallow sftp,  and	 allow	scp.   Because
	      there  is	 no  chroot  path  specified,  the  user  will	not be
	      chrooted, regardless of default options set  with	 the  keywords
	      above.   If  you wanted this user to be chrooted, you would need
	      to specify the chroot path explicitly, even if it should be  the
	      same as that set using the chrootpath keyword.  Remember that if
	      there are spaces in the path, you need to	 quote	it,  something
	      like this:

	      user = "luser:022:00001:/usr/local/chroot dir"

	      See the default rssh.conf file for more examples.


SEE ALSO
       rssh(1),	 sshd(8), ssh(1), scp(1), sftp(1), syslogd.conf(5), chroot(2).





man pages			  7 Jul 2003			  RSSH.CONF(5)
YoLinux.com Home Page
YoLinux Tutorial Index
Privacy Policy | Advertise with us | Feedback Form |
Unauthorized copying or redistribution prohibited.
    Bookmark and Share