Write only directory.

2012-05-07 Thread Paul Halliday
Is it possible to let a user write to a directory but not access the
file after they write it?

The file is being transferred via scp and after the transfer I don't
want them to be able to re-fetch or even get a directory listing.

Thanks.

-- 
Paul Halliday
http://www.squertproject.org/
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: Write only directory.

2012-05-07 Thread Randal L. Schwartz
>>>>> "Paul" == Paul Halliday <paul.halli...@gmail.com> writes:

Paul> Is it possible to let a user write to a directory but not access the
Paul> file after they write it?

Paul> The file is being transferred via scp and after the transfer I don't
Paul> want them to be able to re-fetch or even get a directory listing.

scp is via ssh.  with ssh, they get a complete command line.  how are
you going to prevent *that*?

-- 
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
mer...@stonehenge.com URL:http://www.stonehenge.com/merlyn/
Smalltalk/Perl/Unix consulting, Technical writing, Comedy, etc. etc.
See http://methodsandmessages.posterous.com/ for Smalltalk discussion


Re: Write only directory.

2012-05-07 Thread Paul Halliday
On Mon, May 7, 2012 at 3:49 PM, Randal L. Schwartz
<mer...@stonehenge.com> wrote:
>>>>>> "Paul" == Paul Halliday <paul.halli...@gmail.com> writes:
>
> Paul> Is it possible to let a user write to a directory but not access the
> Paul> file after they write it?
>
> Paul> The file is being transferred via scp and after the transfer I don't
> Paul> want them to be able to re-fetch or even get a directory listing.
>
> scp is via ssh.  with ssh, they get a complete command line.  how are
> you going to prevent *that*?

The user's shell is /bin/false

and sshd is set up like:

Match User a_user
    ChrootDirectory %h
    ForceCommand internal-sftp
    AllowTcpForwarding no


Re: Write only directory.

2012-05-07 Thread Frank Staals
Paul Halliday <paul.halli...@gmail.com> writes:

> On Mon, May 7, 2012 at 3:49 PM, Randal L. Schwartz
> <mer...@stonehenge.com> wrote:
>>>>>>> "Paul" == Paul Halliday <paul.halli...@gmail.com> writes:
>>
>> Paul> Is it possible to let a user write to a directory but not access the
>> Paul> file after they write it?
>>
>> Paul> The file is being transferred via scp and after the transfer I don't
>> Paul> want them to be able to re-fetch or even get a directory listing.
>>
>> scp is via ssh.  with ssh, they get a complete command line.  how are
>> you going to prevent *that*?
>
> The user's shell is /bin/false
>
> and sshd is set up like:
>
> Match User a_user
>     ChrootDirectory %h
>     ForceCommand internal-sftp
>     AllowTcpForwarding no

There is also shells/scponly for this kind of thing. As for the file permissions
question: not sure how to tackle that. 

-- 

- Frank


Re: Write only directory.

2012-05-07 Thread Erik Nørgaard

On 07/05/2012 20:38, Paul Halliday wrote:

> Is it possible to let a user write to a directory but not access the
> file after they write it?
>
> The file is being transferred via scp and after the transfer I don't
> want them to be able to re-fetch or even get a directory listing.

Hi,

If the user has no shell access I suppose the problem is that the user might
be able to overwrite an existing file. The problem is what
owner/permissions/flags the files will have after transfer.

I don't know if this will work, but check if setting the append only flag on
a directory might do. I would expect the append only flag on a directory
to allow only creating new files, so existing files cannot be overwritten.

Other flags might also be required, also check what you can do with ACL
and extended attributes.

BR, Erik

--
M: +34 666 334 818
T: +34 915 211 157


Re: Write only directory.

2012-05-07 Thread Chuck Swiger
On May 7, 2012, at 11:38 AM, Paul Halliday wrote:
> Is it possible to let a user write to a directory but not access the
> file after they write it?
>
> The file is being transferred via scp and after the transfer I don't
> want them to be able to re-fetch or even get a directory listing.

A directory with 0300 / 0330 umask permissions will prevent directory listing, 
but if they know the filename, they can still read from it as a necessary 
consequence of being able to write to it (think of appending data).

It sounds like you are trying to implement the SFTP equivalent of an FTP 
incoming upload dropbox, so the comments in man ftpd might be helpful.  
However, it might be easier to set up a cron job every minute which moves any 
files in the dropbox location to some other place for review and processing, 
which will prevent read access as well as making directory listings moot.  
(People offering anonymous FTP incoming tend to do this, even if their ftpd 
offers support for blocking read access for anonymous users, etc...)

Regards,
-- 
-Chuck
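
[Added example, not part of the thread or of any poster's message: a sketch of the every-minute sweep described above, combined with the 0300 drop directory. The script path, the /var/spool/dropbox holding directory, the "incoming" subdirectory and the function name are assumptions.]

```sh
#!/bin/sh
# Added example, not from the thread. Paths and the function name are hypothetical.
# One-time setup as root (a_user and the 0300 mode come from the thread):
#   mkdir /home/a_user/incoming /var/spool/dropbox
#   chown a_user /home/a_user/incoming && chmod 0300 /home/a_user/incoming
#   chmod 0700 /var/spool/dropbox
# Root crontab entry, every minute:
#   * * * * * /usr/local/sbin/sweep_dropbox.sh /home/a_user/incoming /var/spool/dropbox

# sweep_dropbox INCOMING HOLDING [MIN_AGE_MINUTES]; prints the number of files moved.
sweep_dropbox() {
    incoming=$1 holding=$2 min_age=${3:-1}
    [ -d "$incoming" ] && [ -d "$holding" ] || return 1
    moved=0
    for f in "$incoming"/* "$incoming"/.[!.]*; do
        # Accept only regular files (find does not follow symlinks here) whose
        # last write is older than MIN_AGE, so uploads in progress are left alone.
        [ -n "$(find "$f" -prune -type f -mmin +"$min_age" 2>/dev/null)" ] || continue
        base=${f##*/}
        dest=$holding/$base
        n=0
        # Never overwrite an earlier upload that reused the same name.
        while [ -e "$dest" ] || [ -L "$dest" ]; do
            n=$((n + 1))
            dest=$holding/$base.$n
        done
        mv -- "$f" "$dest" || continue
        # The uploader cannot reach HOLDING, so this check is not racy: drop
        # anything that was swapped for a symlink between the test and the move.
        if [ -L "$dest" ]; then rm -f -- "$dest"; continue; fi
        chmod 0600 "$dest"
        moved=$((moved + 1))
    done
    echo "$moved"
}

if [ "$#" -ge 2 ]; then sweep_dropbox "$@"; fi
```

Keep the holding directory on the same filesystem as the drop directory so that mv is a rename rather than a copy.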
