[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Jailkit-users] Error parsing jk_lsh.ini
From: |
Olivier Sessink |
Subject: |
Re: [Jailkit-users] Error parsing jk_lsh.ini |
Date: |
Mon, 16 Nov 2009 08:22:03 +0100 |
User-agent: |
Thunderbird 2.0.0.23 (X11/20090817) |
Art Swri wrote:
> Thanks for the quick replies.
>
> I want to limit the user to doing only rsync so that I can very tightly
> control what the user can do. (Mainly I want to disallow any uploads and
> allow downloads from only one dir.)
>
> I was indeed using the wrong jk_lsh.ini file - my bad, I did not read
> the example carefully. After editing the correct ini file (and following
> the man page example for the ini file) I am pleased to report that it works.
>
> I have been advised that setting up a jail is too error prone and we
> should just use permitopen and no-pty options in ~/.ssh/authorized_keys.
> Anybody have opinions (or better, experience) regarding the tradeoffs?
manually setting up a jail is indeed very error prone, that was the very
reason why we started jailkit development - it includes checks for all
obvious errors, and it automates things such that errors are hard to make.
Olivier