![](https://seccdn.libravatar.org/avatar/861b5545c111d2257fa12e533e723110.jpg?s=120&d=mm&r=g)
17 Mar
2005
17 Mar
'05
01:51
The Wednesday 2005-03-16 at 20:12 -0500, David Truchan-contr wrote:
However, I've noticed that there is nothing stopping a savy user from doing something like this:
cat somefile |ssh hostname "cat - > /somedir/file-with-weak-perms"
Aside from chrooting ssh, does anyone know of a clever way to avoid this scenario?
You could define their default shell to be rbash. It does not allow changing directory. Check the man page for more info. There are other restricted shells. I don't know how scp or sftp are affected, however. -- Cheers, Carlos Robinson