[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] Can SFTP do this



Ugh. Short answer is yes.

I'm pretty sure you could hack this with PAM but that risks security
issues later.

I would solve this with a single home dir and a triplet of alternate
users, one for each host.

Set up a .bashrc with the following last line for the incoming user:

sudo /usr/local/bin/awkward_user

And /usr/local/awkward_user is:
#!/bin/bash
su - $(who |grep $USER | awk '{print $5}' | sed 's/[()]//g' |awk -F '.'
'{print $1}')

Add the user to the sudoers file with ability to run
/usr/local/bin/awkward_user with no password

Modify the $() scriptlet as needed to isolate the incoming hostname as
a new user name.

Or just use a trio of folders and a cd.

NOTE: I've not done anything intelligent for the exit from this.
On Mon, 2016-10-10 at 12:10 -0400, Chuck Payne wrote:
> Ok,
> 
> > I have a client that as one account. They want to be able that if
they
> sftp what they want to do, if this account sftp from one of three
> host, that it connects to the correct to the correct home directory
> that matches the host,
> 
> ie..
> 
> devhost01 sftp to host1 connects to dev/home/directory
> 
> qahost01 sftp to host1 connects to qa/home/directory
> 
> prodhost01 sftp to host connects to prod/home/directory
> 
> host1 is the host running sshd
> 
> So is there way for sshd to see where the host is coming from and
> redirect it to the correct directory?
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20161011/b5d1bbda/attachment.html>