From: Andrew Suffield
Subject: Re: [Gnu-arch-users] RFC: arch protocol, smart server, and tla implementation prototypes
Date: Fri, 30 Jan 2004 21:51:24 +0000
User-agent: Mutt/1.5.5.1+cvs20040105i

On Fri, Jan 30, 2004 at 09:42:11PM +0000, Scott Parish wrote:
> I did some initial looking around this morning and found that you can
> specify in a user's authorized_keys file a specific program to be
> executed as their "shell", and won't allow overriding that; the same can
> prevent pty usage, port/x11 forwarding, etc.
> 
> Thinking out loud...
> 
> What would be really nice is if an ssh user could allow for subusers,
> kind of like the whole dot-qmail thing. As an example, i could define
> srp-anonymous and srp-srp. Those two subusers would be authenticated
> based off some mechanism which i (srp) defined somewhere in my ~/.ssh/
> directory (auth against flat file or database or pub keys file ...).
> Those users i could also lock down, so that they can only run certain
> subsystems and the like.
> 
> When a user successfully authenticates as a subuser, sshd will setuid to
> the owning user ("srp"), and then set an environment variable VUSER to
> the subuser ("anonymous" or "srp") before execing the subsystem or shell
> or whatever.
> 
> 
> Would this be useful, or would i be wasting my time looking into doing
> such? Also, is this a solid design, or have i overlooked something?

Get an ssh public key from each person. Put it in your
.authorized_users, with the stuff you mentioned above. It'll run
whatever script you want. You just described something like
"env VUSER=anonymous foo".

This technique is fairly commonly used for ssh-based triggers (like
"Start the rsync mirror now").

-- 
  .''`.  ** Debian GNU/Linux ** | Andrew Suffield
 : :' :  http://www.debian.org/ |
 `. `'                          |
   `-             -><-          |
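
The setup Andrew sketches above, as an added example that is not code from this thread, from OpenSSH or from tla: one public key per person in ~/.ssh/authorized_keys (the file the reply calls .authorized_users), each line carrying a forced command that sets VUSER plus the options that switch off pty allocation and port/X11/agent forwarding. The wrapper path /usr/local/bin/arch-wrapper, the subsystem names arch-get and arch-put, the subuser policy and the key text are all constructed for the example.

```shell
#!/bin/sh
# Added example, not code from the original thread or from tla/arch.
# Builds the kind of authorized_keys line the reply describes and shows
# the server-side policy a forced command can apply on top of it.
# WRAPPER, the subsystem names and the key below are assumed/constructed.

WRAPPER=/usr/local/bin/arch-wrapper   # assumed path of the forced command

# Emit one restricted authorized_keys line.
#   $1 = subuser name (e.g. anonymous or srp)
#   $2 = the person's public key line ("ssh-rsa AAAA... comment")
# Returns 1 for a subuser name that could break out of the quoted
# command="..." string: sshd parses that string, and a stray '"' or ','
# would end the command early and let the rest be read as more options.
make_authorized_keys_line() {
    subuser=$1
    pubkey=$2
    case "$subuser" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    printf 'command="env VUSER=%s %s",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding %s\n' \
        "$subuser" "$WRAPPER" "$pubkey"
}

# Policy the wrapper applies on the server. With command= in place sshd
# runs the wrapper whatever the client asked for; the client's request is
# only visible in SSH_ORIGINAL_COMMAND, and the wrapper uses it as a
# selector for a fixed set of subsystems, never as something to execute.
#   $1 = VUSER, $2 = SSH_ORIGINAL_COMMAND
allowed_for_subuser() {
    case "$1" in
        anonymous) case "$2" in arch-get) return 0 ;; esac ;;          # read-only
        srp)       case "$2" in arch-get|arch-put) return 0 ;; esac ;; # read/write
    esac
    return 1
}

# What $WRAPPER would do when sshd execs it: read VUSER (set by the
# forced command) and SSH_ORIGINAL_COMMAND (set by sshd), then run or
# refuse. Here it only reports the decision so it is safe to call.
arch_wrapper() {
    if allowed_for_subuser "${VUSER-}" "${SSH_ORIGINAL_COMMAND-}"; then
        echo "would run ${SSH_ORIGINAL_COMMAND-} as subuser ${VUSER-}"
        return 0
    fi
    echo "refused: subuser '${VUSER-}' may not run '${SSH_ORIGINAL_COMMAND-}'" >&2
    return 1
}

# Demonstration with a constructed key; subshells keep the variables local.
make_authorized_keys_line anonymous "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAA constructed-key"
( VUSER=anonymous SSH_ORIGINAL_COMMAND=arch-get; arch_wrapper )
( VUSER=anonymous SSH_ORIGINAL_COMMAND=arch-put; arch_wrapper ) || true
```

Two points worth knowing when doing this for real: authorized_keys also has an environment="VUSER=..." option, but sshd ignores it unless PermitUserEnvironment is enabled, which is why the "env VUSER=... foo" form in the reply is the usual choice; and the wrapper should only ever match SSH_ORIGINAL_COMMAND against an allowlist as above, since evaluating it would hand the client back the shell the forced command was meant to take away.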
