#!/bin/sh # # allow-backup # John Simpson 2008-01-12 # # usable as a forced command for a backup-only SSH key # # allows "rsync --server" commands to run, but nothing else. # prevents the backup key from being used to ssh into the server as root. # ############################################################################### # # Copyright (C) 2008 John Simpson. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 2 or version 3 of the # license, at your option. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # ############################################################################### # if you want to email a pager or cell phone when an unauthorized use of the # key is detected, set these variables to the sender and recipient of that # email. the sender is usually "postmaster@blah", and the recipient is usually # something like "1234567890@carrier.xyz". MAILFROM="" MAILTO="" ############################################################################### ############################################################################### ############################################################################### # # if it's an authorized command, run it. if echo "${SSH_ORIGINAL_COMMAND:-}" | grep -q '^rsync .*--server ' then exec $SSH_ORIGINAL_COMMAND fi ############################################################################### # # no good... log it. logger -t allow-backup <