-
Notifications
You must be signed in to change notification settings - Fork 67
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Restricted ssh commands compatibility (rrsync) #76
Comments
This is because there is no dir check on an existing directory. Try to play around with edge cases, where the directory does not exist, or is a file or a symlink, etc. Besides, a little bit later down the lines, there is also a The On the other hand, why don't you just allow the |
One of the great things about linux-timemachine :) If I were to allow the The I was thinking maybe instead of test something like this: if [[ $(rsync "${directory}" . --dry-run 2>/dev/null) == "skipping directory"* ]];then echo "It is a directory"; fi Tested with a file, directory, symlink and nonexistent file. I know it's ugly, but does not require another command besides |
Isn't that something you could do with a shell anyways?
|
|
Yes, but my plan was to block shell access and only allow However then they also won't be able to run the So that's why I suggested to not rely on For the time being I'm chrooting SSH users to their home directory, so they can't use |
I have restricted the commands SSH users can run to only
rrsync
using thecommand
options in the SSHauthorized_keys
file. Withrrsync
I can allow access to only a certain directory (and optionally provide read-only access) and block shell access.With this setup linux-timemachine fails:
I have commented out these lines:
linux-timemachine/timemachine
Lines 371 to 375 in 2fe23f3
Now the backup seems to complete successfully.
Would it be possible to not use
test -d
in this case? Perhaps thersync
command itself could be used to check if the source directory exists? Else if skipping this test doesn't cause issues, perhaps a new cli flag could be added?The text was updated successfully, but these errors were encountered: