GNU Rush: Restricted User Shell
Sergey Poznyakoff
The scp utility is executed on the server side with option -t when copying files to the server, and with -f when copying files from it. Thus, the basic templates for scp rules are:

    # Copying to server:
    rule scp-to
      match $command ~ "^scp -t"
      ...

    # Copying from server:
    rule scp-from
      match $command ~ "^scp -f"
      ...
You may also wish to allow for the -v (‘verbose’) command line option. In this case, the ‘scp-to’ rule becomes:

    rule scp-to
      match $command ~ "^scp (-v )?-t"
      ...
Now, we want users to be able to upload files to the /home/ftp/incoming directory. Moreover, the /home/ftp directory prefix must be invisible to them. We should also make sure that the user cannot get outside the incoming directory by using ../ components in the upload path. So, our first rule for scp uploads will be:

    rule scp-to-incoming
      match $command ~ "^scp (-v )?-t /incoming/" && \
            ${-1} !~ "\\.\\./"
      set command "/bin/scp"
      set [-1] =~ "s|^|/home/ftp/|"
The match statement ensures that no relative components are used: the command must name a target under /incoming/, and the last argument (${-1}, the upload path) must not contain ../. The two set statements ensure that the right scp binary is used and that the /home/ftp prefix is prepended to the upload path, so that a request for /incoming/ ends up in /home/ftp/incoming/ without the user ever seeing the prefix.

Note that the pattern \.\./ only rejects a parent-directory component followed by a slash. A bare trailing .. (as in /incoming/..) does not match it and, after the prefix is prepended, resolves to /home/ftp itself. If that form must be rejected too, use a pattern that anchors the component on both sides, for example ${-1} !~ "(^|/)\\.\\.(/|$)", which matches .. at the start of the path, between two slashes, or at its end.
Other than uploading to /incoming, users must be able to use scp to manage the public_html directories located in their homes. They should use relative paths for that, i.e., the command:

    $ scp file.html server:

will copy the file file.html to ~/public_html/file.html on the server. The corresponding rule is:

    rule scp-home
      match $command ~ "^scp (-v )?-[tf] [^/].*" && \
            ${-1} !~ "\\.\\./"
      set [0] = "/bin/scp"
      set [-1] =~ "s|^|public_html/|"
      chdir "~"

The [^/] in the pattern ensures that the target is a relative path; chdir "~" then makes it relative to the user's home directory, and the set statement places it under public_html.
Finally, we provide two trap rules for diagnostic purposes. They come after the rules above, so they apply only to scp commands that none of the earlier rules accepted, and they give the user a meaningful error instead of a silent refusal:

    rule scp-to-trap
      match $command ~ "^scp (-v )?-t"
      exit "Error: Uploads to this directory prohibited"

    rule scp-from
      match $command ~ "^scp (-v )?-f"
      exit "Error: Downloads from this directory prohibited"
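The following script is an added example; it is not part of the GNU Rush manual and is not Rush's own code. It re-implements only the regex tests and argument rewrites of the four rules above, in the order the page gives them, so that the outcome for a given server-side scp command line can be checked offline without Rush installed. It also exercises the edge case the page's \.\./ check leaves open (a bare trailing .. such as /incoming/..) next to a tighter pattern. The home directory /home/alice, the helper names resolve and final_path, the sample command lines and the stricter pattern are all constructions of this example, not anything the manual defines.

```python
import os
import re
import shlex

# Assumed home directory of the calling user, used in place of chdir "~".
HOME = "/home/alice"

# The page's check: the Rush string "\\.\\./" unescapes to the regex \.\./ and
# therefore only rejects a ".." component that is followed by a slash.
DOTDOT_PAGE = re.compile(r"\.\./")
# Suggested tighter check (this example's own): ".." at the start of the path,
# between two slashes, or at its very end.
DOTDOT_STRICT = re.compile(r"(^|/)\.\.(/|$)")


def resolve(command, dotdot=DOTDOT_PAGE):
    """Walk the scp rules in page order and return what would happen.

    The result carries the name of the first matching rule and either the
    rewritten argv plus working directory, or the exit message of a trap rule.
    ${-1} in the Rush rules is the last argument, i.e. argv[-1] here.
    """
    argv = shlex.split(command)

    # rule scp-to-incoming: uploads under /incoming/, no "../" in the path
    if re.search(r"^scp (-v )?-t /incoming/", command) and not dotdot.search(argv[-1]):
        argv[0] = "/bin/scp"                     # set command "/bin/scp"
        argv[-1] = "/home/ftp/" + argv[-1]       # set [-1] =~ "s|^|/home/ftp/|"
        return {"rule": "scp-to-incoming", "argv": argv, "cwd": None}

    # rule scp-home: relative target (does not start with "/"), no "../"
    if re.search(r"^scp (-v )?-[tf] [^/].*", command) and not dotdot.search(argv[-1]):
        argv[0] = "/bin/scp"                     # set [0] = "/bin/scp"
        argv[-1] = "public_html/" + argv[-1]     # set [-1] =~ "s|^|public_html/|"
        return {"rule": "scp-home", "argv": argv, "cwd": HOME}   # chdir "~"

    # trap rules: anything else that looks like an scp upload or download
    if re.search(r"^scp (-v )?-t", command):
        return {"rule": "scp-to-trap", "exit": "Error: Uploads to this directory prohibited"}
    if re.search(r"^scp (-v )?-f", command):
        return {"rule": "scp-from", "exit": "Error: Downloads from this directory prohibited"}
    return {"rule": None}


def final_path(result):
    """Directory or file the rewritten scp command would actually touch."""
    base = result["cwd"] or "/"
    return os.path.normpath(os.path.join(base, result["argv"][-1]))


if __name__ == "__main__":
    # Constructed sample command lines, as the server side would receive them.
    for cmd in ("scp -t /incoming/", "scp -v -t /incoming/../", "scp -t /incoming/..",
                "scp -t .", "scp -f index.html", "scp -f /etc/passwd", "scp -t .."):
        for label, check in (("page", DOTDOT_PAGE), ("strict", DOTDOT_STRICT)):
            r = resolve(cmd, dotdot=check)
            where = final_path(r) if "argv" in r else r.get("exit")
            print(f"{cmd!r:28} [{label:6}] -> {r['rule']}: {where}")
```

Running the script shows the intended cases behaving as the page describes (/incoming/ lands in /home/ftp/incoming, a bare . lands in ~/public_html, absolute downloads hit the trap) and the two escapes the page's pattern does not catch: "scp -t /incoming/.." is accepted and resolves to /home/ftp, and "scp -t .." resolves to the user's home rather than ~/public_html. With the stricter pattern both fall through to the trap rules. In a Rush file the stricter pattern would be written with doubled backslashes, following the page's own quoting of "\\.\\./".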
This document was generated on January 2, 2022 using makeinfo.
Verbatim copying and distribution of this entire article is permitted in any medium, provided this notice is preserved.