[ale] Can SFTP do this

Jim Kinney jkinney at jimkinney.us
Tue Oct 11 18:52:56 EDT 2016


The more I think of this, the less I like it. A single home dir per
user is a rule for a number of reasons. If they need to move files into
a different folder based on source, then beat the user with some
training on how to put files where they go. A little responsibility can
go a long way. Something as simple as

/home/<user>/{mach1,mach2,mach3} and some scripting on each source
machine to automate a push/pull.

On Tue, 2016-10-11 at 17:12 -0400, Jim Kinney wrote:
> Ugh. Short answer is yes.
> 
> I'm pretty sure you could hack this with PAM but that risks security
> issues later.
> 
> I would solve this with a single home dir and a triplet of alternate
> users, one for each host.
> 
> Set up a .bashrc with the following last line for the incoming user:
> 
> sudo /usr/local/bin/awkward_user
> 
> And /usr/local/awkward_user is:
> #!/bin/bash
> su - $(who |grep $USER | awk '{print $5}' | sed 's/[()]//g' |awk -F '.' '{print $1}')
> 
> Add the user to the sudoers file with ability to run
> /usr/local/bin/awkward_user with no password
> 
> Modify the $() scriptlet as needed to isolate the incoming hostname
> as a new user name.
> 
> Or just use a trio of folders and a cd.
> 
> NOTE: I've not done anything intelligent for the exit from this.
> On Mon, 2016-10-10 at 12:10 -0400, Chuck Payne wrote:
> > Ok,
> > I have a client that has one account. They want to be able that if they
> > sftp what they want to do, if this account sftp from one of three
> > hosts, that it connects to the correct home directory
> > that matches the host,
> > 
> > ie..
> > 
> > devhost01 sftp to host1 connects to dev/home/directory
> > 
> > qahost01 sftp to host1 connects to qa/home/directory
> > 
> > prodhost01 sftp to host connects to prod/home/directory
> > 
> > host1 is the host running sshd
> > 
> > So is there way for sshd to see where the host is coming from and
> > redirect it to the correct directory?
> > 
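One way to get the per-host landing folder discussed in this thread without sudo or su, as an added example that is not code from the thread: an sshd `ForceCommand` wrapper that picks the SFTP start directory from the client address in `SSH_CONNECTION` and refuses any source that is not listed. The IP addresses, folder names, script name and sftp-server path are assumptions.

```shell
#!/bin/bash
# Added example: ForceCommand wrapper that picks the SFTP start directory
# from the client's source address. The IPs, folder names and the
# sftp-server path are constructed placeholders, not values from the thread.

SFTP_SERVER=/usr/lib/openssh/sftp-server   # assumption: path varies by distro

# Map a client IP to a subdirectory name. Prints nothing and returns 1
# for any address that is not explicitly listed (default deny).
subdir_for_ip() {
    case "$1" in
        192.0.2.11) echo dev  ;;   # devhost01 (constructed address)
        192.0.2.12) echo qa   ;;   # qahost01 (constructed address)
        192.0.2.13) echo prod ;;   # prodhost01 (constructed address)
        *) return 1 ;;
    esac
}

# sshd sets SSH_CONNECTION to "client_ip client_port server_ip server_port".
# Matching on the IP avoids trusting the reverse-DNS name that `who` shows.
landing_dir() {
    local conn="$1" base="$2" ip sub
    ip=${conn%% *}
    sub=$(subdir_for_ip "$ip") || return 1
    printf '%s/%s\n' "$base" "$sub"
}

serve() {
    local dir
    if ! dir=$(landing_dir "${SSH_CONNECTION:-}" "$HOME"); then
        logger -t sftp-by-source "refused ${USER:-?} from ${SSH_CONNECTION:-unknown}"
        exit 1
    fi
    [ -d "$dir" ] || exit 1
    # -d only sets the start directory; the session is not chrooted.
    exec "$SFTP_SERVER" -d "$dir"
}

# Acts only when sshd invokes it, e.g. in a "Match User" block:
#   ForceCommand /usr/local/bin/sftp-by-source --serve
if [ "${1:-}" = "--serve" ]; then serve; fi
```

Because `-d` does not confine the session, the account can still change into the other two folders; keeping them apart for real needs separate accounts or `ChrootDirectory`.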