Lists wrote: > On 09/23/2013 02:44 PM, m.roth at 5-cent.us wrote: >> Lists wrote: >>> On 09/23/2013 01:50 PM, Les Mikesell wrote: >>>> Is there something that convinces you that sudo is better at handling >>>> the command restriction than sshd would be? >>> In the context of a production server, the idea is to remove any >>> ability from another host (EG: backup server) to run local arbitrary code or >>> change local files. (read-only) >> <snip> >>> You can disable the password on the backup account to achieve a similar >>> effect using an SSHD option. If there's a better/simpler way to do this >>> via SSHD option I'd love to hear about it! >>> >> Sure. You disable password authentication, and allow keys only, in >> /etc/ssh/sshd_config. > > This prohibits SSH logins via password, but does not strictly enforce > what commands are allowed to be run (and all options allowed) by a > specific which is what I was looking for. > > Having done a bit more research, It does appear that you could use the > "ForceCommand" option and disable passwords altogether for a user to > achieve a similar effect with SSHD. Right, but a) it very much limits who can get in. Another thing is that you can run the backups from a cron job as a push, instead of a pull. And the other user still leaves the issue of ownership - only root can copy a user's home directory, or a project directory owned by that project, and keep it all the same. And don't forget to save selinux contexts.... mark