Hi,
I disagree with almost everything you wrote, but I think it boils down to the following:
On 2011-03-29 15:35, Dick Kniep wrote:
The $SSH_ORIGINAL_COMMAND contains the original command that the client wants to execute on the server. This command is checked against the allowed commands for the user within the wrapper.
Why must there be an extra wrapper to disallow commands, when Linux provides enough tools to do so at system level? Why prohibit those commands in the first place. What you are suggesting, only makes sense when you want to limit parameters passed to a command. BTW: No one needs x2go to run "rm -rf /"! You can just do ssh <server> rm - Why bother using x2go?
Cheers Morty
-- Dipl.-Ing. Moritz 'Morty' Struebe (Wissenschaftlicher Mitarbeiter) Lehrstuhl für Informatik 4 (Verteilte Systeme und Betriebssysteme) Friedrich-Alexander-Universität Erlangen-Nürnberg Martensstr. 1 91058 Erlangen
Tel : +49 9131 85-25419 Fax : +49 9131 85-28732 eMail : struebe@informatik.uni-erlangen.de WWW : http://www4.informatik.uni-erlangen.de/~morty