Re: Publickey subsystem draft posted

[Nicolas Williams <Nicolas.Williams%sun.com@localhost>]

On Thu, Jul 24, 2003 at 07:48:42PM +0200, Jon Bright wrote:
> Nicolas Williams wrote:
> >The "subsystem" restriction should go and be replaced by the subsystem
> >attribute which should list the sub-systems that a user is allowed to
> >start (if the list empty, then none are allowed; if the attribute is
> >missing or if the value is "*", then all are allowed).
> 
> This doesn't match the "command" attribute, which starts the command 
> itself.  Then again, I'm unhappy with that aspect of the "command" 
> attribute's behaviour - it raises questions such as When does it start 
> the command?, Does it wait for the client to request a pty or run the 
> command without one?, etc.  Maybe change "command" to specify a command 
> which the user's allowed to execute.  Ideally, change it to specify more 
> than one command, but in that case, I'm not sure what could be used as a 
> separator.  Maybe allow for more than one command attribute to be set?

The "command" attribute should apply to "session" type channels and
should be executed when the "exec" or "shell" channel requests are
processed.  If a null "command" is given then neither should be allowed.
If no "command" is given both should be allowed.

The "subsystem" attribute should apply to "session" type channels when
the "subsystem" requests are processed.  If a null "subsystem" is given
then none should be allowed.  If no "subsystem" is given then any should
be allowed.

Cheers,

Nico
--