[lug] Looking for best way to avoid scripting password

Rob Nagler nagler at bivio.biz
Fri Apr 3 10:16:43 MDT 2009


Chip Atkinson writes:
> Thanks for this suggestion too.  I'd never heard of scponly.  I'm looking
> into it now.  Is readonly access achieved through scponly?

scponly scrutinizes arguments, and only allows "reasonable" commands.
However, an attacker can still do a lot of damage with an scponly'd
login.  The login must be protected some how.  It should have read
access to all the files you want to backup, and no write access.  You
could do this by adding the scponly'd user to all the groups of the
the directories you want to backup, and then audit that the
directories (and all their contents) do not set group write.  Another
alternative is to make all the files you want to backup publicy
readable, and not add the scponly'd to any groups.  Yet another
alternative is to mount the file systems read-only during the backup
process.

Note that scponly needs to be compiled for rsync if you want to use
this approach.

You might also consider running rsyncd, instead of scponly, as the
shell for this user.  You can then run the server in read-only mode so
that it can't modify the local file system.

Rob



More information about the LUG mailing list