| blob | 0fbdd4b8fd30aa496943c280e8b94ad5a640570a |
1 # this config file takes effect when your login shell is sh.ssh (or bash.ssh).
2 # sh.ssh looks up which commands (shell command lines) are allowed by the
3 # invoking user's group membership.
4 #
5 # using sh.ssh as login shell enables sysadmins to:
6 # - allow ~/.ssh/rc system wide
7 # - but don't allow it for anyone here only for certain groups
8 # - users still can write their files including ~/.ssh/rc
9 # - allow both password and pubkey auth
10 # - because running .ssh/rc can only be disabled globally or per-pubkey
11 # - while not worrying about arbitrary commands called by ~/.ssh/rc
12 # - because it is not allowed here only for certain groups
14 # Show error message when ~/.ssh/rc is going to be run.
15 # Valid parameters: on, off
16 !report-dotsshrc off
18 # Allow any command lines and interactive shell for shell group.
19 shell --- **
21 # shell group users can run anything anyways
22 shell /bin/sh .ssh/rc
24 # Allow sftp only for sftp group, no parameter allowed.
25 sftp /usr/lib/openssh/sftp-server
27 # Allow a single parameter.
28 nogroup ls *
30 # Allow any num of parameters.
31 nogroup date **
33 # Strip single (') and double (") quotation marks from arguments
34 # of the command line which matches to the following rules.
35 !strip-quotes on
37 # This is useful because ssh client thinks she is issuing a shell
38 # command, therefore quoting arguments, but we are converting it
39 # to a pure execve(2) command-arguments sequence.
40 #
41 # N.B. This is NOT a real shell interpolation.
42 # So e.g. bash -c "echo '$LANG'" will result in ["echo", "$LANG"]
43 # with literal string "$LANG".
44 #
45 # git(1) calls git-upload-pack/git-receive-pack over ssh with plain
46 # arguments, no shell-synatax in them, so it's safe to "convert" to
47 # OS command.
49 gitusers git-upload-pack **
50 gitusers git-receive-pack **
52 !strip-quotes off
53 # Rules after "!strip-quotes off" don't involve dump quote-stripping