Features

boblaublaw edited this page Oct 10, 2011 · 1 revision

true

  • logging: scponly logs time, client IP, username, and the actual request to syslog
  • chroot: scponly can chroot to the user's home directory, disallowing access to the rest of the filesystem.
  • sftp compatibility and sftp-logging compatibility
  • WinSCP 2.0 compatibility
  • rsync compatibility as a compile time option
  • UNISON compatibility
  • subversion compatibility
  • gFTP compatibility.
Instead of just a single anon user, scponly supports configuring potentially many users, each of which could could be set up to provide access to distinct directory trees. Aside from the installation details (see Install), each of these users would have their default shell in /etc/passwd set to "/usr/local/sbin/scponly" (or wherever you choose to install it). This would mean users with this shell can neither login interactively or execute commands remotely. They can however, scp files in and out, governed by the usual unix file permissions.

Notable ./configure Options

Here is the complete list of scponly specific configure options:

Disable Restrictive Filename Checks

  --disable-restrictive-names

Disable Wildcards

  --disable-wildcards

Disable gftp Compatibility

  --disable-gftp-compat

Enable WinSCP compatibility

  --enable-winscp-compat

Enable sftp Logging Compatibility

  --enable-sftp-logging-compat

Enable UNISON Compatibility

  --enable-unison-compat

Enable scp Compatibility

  --enable-scp-compat

Enable rsync Compatibility

  --enable-rsync-compat

Enable chroot()-ed binary

  --enable-chrooted-binary

Disable chroot() Directory Check

  --disable-chroot-checkdir

Enable svn Compatibility

  --enable-svn-compat  

Enable svnserv Compatibility

  --enable-svnserv-compat

Enable passwd Compatibility

  --enable-passwd-compat

Enable quota Compatibility

  --enable-quota-compat

Specify sftp-server Pathname

  --with-sftp-server=

Default chdir

  --with-default-chdir=DIR