Name: scponly Version: 4.8 Release: alt1 Summary: Limited shell for secure file transfers License: GPL Group: Networking/Remote access Url: http://sublimation.org/%name Source: http://prdownloads.sourceforge.net/%name/%name-%version.tgz Summary(ru_RU.KOI8-R): õÓÅÞ£ÎÎÙÊ ÉÎÔÅÒÐÒÅÔÁÔÏÒ ËÏÍÁÎÄ ÄÌÑ ÕÄÁÌ£ÎÎÏÇÏ ÄÏÓÔÕÐÁ ÞÅÒÅÚ scp/sftp/rsync/... %define shell_list %_sysconfdir/shells %define sftp_server_path %_libexecdir/openssh/sftp-server %def_enable restrictive_names %def_enable wildcards %def_enable gftp_compat %def_enable winscp_compat %def_enable scp_compat %def_enable unison_compat %def_enable rsync_compat %def_enable chrooted_binary %def_enable svn_compat %def_enable svnserv_compat %def_enable passwd_compat %define tr_() %(echo '%*' | tr -- '_' '-') %define se_restrictive_names %{subst_enable restrictive_names} %define se_gftp_compat %{subst_enable gftp_compat} %define se_winscp_compat %{subst_enable winscp_compat} %define se_scp_compat %{subst_enable scp_compat} %define se_unison_compat %{subst_enable unison_compat} %define se_rsync_compat %{subst_enable rsync_compat} %define se_chrooted_binary %{subst_enable chrooted_binary} %define se_svn_compat %{subst_enable svn_compat} %define se_svnserv_compat %{subst_enable svnserv_compat} %define se_passwd_compat %{subst_enable passwd_compat} %description "scponly" is an alternative "shell" (of sorts) for system administrators who would like to provide access to remote users to both read and write local files without providing any remote execution privileges. Functionally, it is best described as a wrapper to the tried-and-true ssh suite. scponly validates remote requests by examining the third argument passed to the shell upon login (the first argument is the shell itself, and the second is "-c"). The only commands allowed are "scp", "sftp-server" and "ls". Arguments to these commands are passed along unmolested. Some features are: - compatibility with sftp, WinSCP 2.0/3.0, gftp, rsync, Unison, Subversion. - chroot: scponly can chroot to the user's home directory (or any other directory the user has permissions for), disallowing access to the rest of the filesystem. - logging: scponly logs time, client IP address, username, and the actual request to syslog. %description -l ru_RU.KOI8-R "scponly" Ñ×ÌÑÅÔÓÑ ÉÎÔÅÐÒÅÔÁÔÏÒÏÍ ËÏÍÁÎÄÎÏÊ ÓÔÒÏËÉ (Ô.Î. shell). åÇÏ ÓÌÅÄÕÅÔ ÎÁÚÎÁÞÁÔØ ÐÏÌØÚÏ×ÁÔÅÌÑÍ, ËÏÔÏÒÙÍ ÎÕÖÎÏ ÕÄÁÌ£ÎÎÏ ÞÉÔÁÔØ É ÐÉÓÁÔØ ÆÁÊÌÙ ÞÅÒÅÚ SFTP/SCP (ÐÒÏÔÏËÏÌ ÄÌÑ ÐÅÒÅÄÁÞÉ ÆÁÊÌÏ× Ó ËÏÍÐØÀÔÅÒÁ ÎÁ ËÏÍÐØÀÔÅÒ ÞÅÒÅÚ SSH), ÎÏ ÂÅÚ ÐÒÁ×Á ÚÁÐÕÓËÁ ËÏÍÁÎÄ ÎÁ ÕÄÁÌ£ÎÎÏÍ ÓÅÒ×ÅÒÅ (ÇÌÁ×ÎÏÅ ÎÁÚÎÁÞÅÎÉÅ SSH). óÈÏÖÅÊ ÃÅÌÉ ÓÌÕÖÉÔ ÐÓÅ×ÄÏ-ÛÅÌÌ ftponly, ÎÁÚÎÁÞÁÅÍÙÊ ÐÏÌØÚÏ×ÁÔÅÌÑÍ, ÒÁÂÏÔÁÀÝÉÍ Ó ÆÁÊÌÁÍÉ ÎÁ ÓÅÒ×ÅÒÅ ÞÅÒÅÚ FTP. ëÌÀÞÅ×ÙÅ ×ÏÚÍÏÖÎÏÓÔÉ: - ÓÏ×ÍÅÓÔÉÍÏÓÔØ Ó sftp, WinSCP, gftp, rsync, Unison, Subversion, - ÓÍÅÎÁ ËÏÒÎÅ×ÏÇÏ ËÁÔÁÌÏÇÁ (chroot) ÄÌÑ ÐÒÅÄÏÔ×ÒÁÝÅÎÉÑ ÄÏÓÔÕÐÁ ÚÁ ÐÒÅÄÅÌÙ ÄÏÍÁÛÎÅÇÏ ËÁÔÁÌÏÇÁ ÐÏÌØÚÏ×ÁÔÅÌÑ, - ÄÅÔÁÌØÎÏÅ ÐÒÏÔÏËÏÌÉÒÏ×ÁÎÉÅ ×ÙÐÏÌÎÑÅÍÙÈ ÄÅÊÓÔ×ÉÊ ÞÅÒÅÚ syslog. %prep %setup -q %__cp -p Makefile.in Makefile.in.orig %__subst 's,${INSTALL} -o 0 -g 0,${INSTALL},' Makefile.in %build %configure --with-sftp-server=%sftp_server_path \ scponly_PROG_PASSWD=%_bindir/passwd \ scponly_PROG_USERADD=%_sbindir/useradd \ scponly_PROG_UNISON=%_bindir/unison \ scponly_PROG_RSYNC=%_bindir/rsync \ scponly_PROG_SVNSERV=%_bindir/svnserve \ scponly_PROG_SVN=%_bindir/svn \ scponly_PROG_SCP=%_bindir/scp \ scponly_PROG_SFTP_SERVER=%_libexecdir/openssh/sftp-server \ %{subst_enable wildcards} \ %tr_ %se_gftp_compat %se_winscp_compat %se_scp_compat \ %tr_ %se_unison_compat %se_rsync_compat %se_chrooted_binary \ %tr_ %se_svn_compat %se_svnserv_compat %se_passwd_compat \ %tr_ %se_restrictive_names # Presented on any system by default (even in hasher) and assigned implicitly.. # scponly_PROG_LS # scponly_PROG_RM # scponly_PROG_LN # scponly_PROG_MV # scponly_PROG_CHMOD # scponly_PROG_CHOWN # scponly_PROG_CHGRP # scponly_PROG_MKDIR # scponly_PROG_RMDIR # scponly_PROG_PWD # scponly_PROG_GROUPS # scponly_PROG_ID # scponly_PROG_ECHO %make_build %install %makeinstall CONFDIR=%buildroot%_sysconfdir/%name %post for f in \ %_bindir/%name \ %if_enabled chrooted_binary %_sbindir/%{name}c \ %endif ; do %__grep -q "^$f\$" %shell_list && continue echo $f >> %shell_list done %preun for f in \ %_bindir/%name \ %if_enabled chrooted_binary %_sbindir/%{name}c \ %endif ; do %__grep -q "^$f\$" %shell_list || continue %__grep -v "^$f\$" %shell_list > %shell_list.uninstall_%name %__cat %shell_list.uninstall_%name > %shell_list %__rm -f %shell_list.uninstall_%name done %files %_bindir/%name %if_enabled chrooted_binary %_sbindir/%{name}c %endif %_sysconfdir/%name %_man8dir/%name.* %doc AUTHOR BUILDING-JAILS.TXT CHANGELOG CONTRIB COPYING README TODO build_extras/setup_chroot.sh.RH9 %changelog * Tue Feb 5 2008 Ilya G. Evseev <evseev@altlinux.ru> 4.8-alt1 - Updated to new version 4.8, fixes CVE-2007-6415 problem - Change source URL to SourceForge * Wed Feb 1 2006 Ilya G. Evseev <evseev@altlinux.ru> 4.6-alt1 - Updated to new version 4.6, containing all previous patches * Mon Jan 9 2006 Ilya G. Evseev <evseev@altlinux.ru> 4.3-alt2 - Added patch for working Unison in chrooted environment: https://lists.ccs.neu.edu/pipermail/scponly/2006-January/001071.html - Added (but not applied) obsoleted patch for working WinSCP in SCP mode: https://lists.ccs.neu.edu/pipermail/scponly/2005-December/001029.html * Fri Dec 30 2005 Ilya G. Evseev <evseev@altlinux.ru> 4.3-alt1 - Updated to new version 4.3 with critical security fixes - Apply patch from http://bugs.gentoo.org/show_bug.cgi?id=116526 * Wed Nov 16 2005 Ilya G. Evseev <evseev@altlinux.ru> 4.1-alt1 - Initial build for ALTLinux ## EOF ##